[Snort-users] Extracting snortrules-2931.tar.gz

Akinwale Fasuru fashman2k1 at ...131...
Tue Oct 9 16:40:25 EDT 2012


I appreciate your effort guys, y'all are helping a brother here so lets take it cool. I am very new to linux thats why. 
I will try your opinion Jeremy and let you know wat zup

Wale


--- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:

> From: Jeremy Hoel <jthoel at ...11827...>
> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
> To: "AllowOverride" <allowoverride at ...11827...>
> Cc: "snort-users" <snort-users at lists.sourceforge.net>
> Date: Tuesday, October 9, 2012, 3:17 PM
> And like i said in the email before
> you responded, you can find the
> file name right from the website.. when you click download
> rules.
> http://snort.org/snort-rules/?
> 
> Snort v2.9
> MD5 - 09 Oct, 2012
> snortrules-snapshot-2931.tar.gz
> MD5 - 09 Oct, 2012
> snortrules-snapshot-2912.tar.gz
> MD5 - 09 Oct, 2012
> snortrules-snapshot-2923.tar.gz
> MD5 - 09 Oct, 2012
> snortrules-snapshot-2930.tar.gz
> 
> 
> 
> It's right there.. you just have to look at the page. 
> Reading is fundamental.
> 
> 
> 
> 
> On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride at ...11827...>
> wrote:
> > we dont know the file name!!! sheshh
> >
> > On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:
> >> The page shows:
> >>
> >> wget http://www.snort.org/sub-rules/<filename>/<oinkcode
> here> \
> >>              -O
> <output-filename>
> >>
> >>
> >> It's pretty clear.  put the proper, correct,
> current filename where is
> >> says filename and things work.  They shouldn't
> have to hold hands and
> >> walk through the whole thing.
> >>
> >> When you try and use examples you have to expect
> and realize that the
> >> example might be out of date and maybe try and
> figure out what it
> >> might take to make it work.
> >>
> >>
> >>
> >> On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride
> <allowoverride at ...11827...>
> wrote:
> >> > when i say something doesnt work, i mean, it
> doesnt work:
> >> >
> >> > wget
> >> > http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry--2012-10-09
> 12:44:42--  http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
> >> > Resolving www.snort.org... 23.23.170.170
> >> > Connecting to
> www.snort.org|23.23.170.170|:80... connected.
> >> > HTTP request sent, awaiting response... 403
> Forbidden
> >> > 2012-10-09 12:44:42 ERROR 403: Forbidden.
> >> >
> >> > wget
> >> > http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >> > --2012-10-09 12:45:54--
> >> > http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >> > Resolving www.snort.org... 23.23.143.143
> >> > Connecting to
> www.snort.org|23.23.143.143|:80... connected.
> >> > HTTP request sent, awaiting response... 403
> Forbidden
> >> > 2012-10-09 12:45:56 ERROR 403: Forbidden.
> >> >
> >> > and just for good measure
> >> >
> >> > wget
> >> > http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
> >> > --2012-10-09 12:47:03--
> >> > http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
> >> > Resolving www.snort.org... 23.23.170.170
> >> > Connecting to
> www.snort.org|23.23.170.170|:80... connected.
> >> > HTTP request sent, awaiting response... 403
> Forbidden
> >> > 2012-10-09 12:47:04 ERROR 403: Forbidden.
> >> >
> >> >
> >> > now. the last one shouldn't work, becuz im not
> a register user
> >> > the sub rules works if you know what you are
> doing...
> >> >
> >> > If you include 2931 inplace of 2900 it will
> work, only if you are in the
> >> > system for oinkcode. BUT, that is not what is
> autopopulated for you on
> >> > the oinkcode page. it says, 2900. it wont
> work.
> >> >
> >> > all i am saying fix is, change it to reflect
> the CURRENT version. thats
> >> > all. not everyone will catch it, and ya know,
> end up asking the question
> >> > here.
> >> >
> >> > let's let the developers put the current
> version as well. takes what, 2
> >> > seconds and saves users HOURS of wtf..
> headaches...
> >> >
> >> > thanks
> >> >
> >> >
> >> >
> >> > On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel
> wrote:
> >> >> The link he was using worked fine for me.
> I tested the get and got the
> >> >> rules with no no problem.. with the link
> he had. His problem is not
> >> >> related to a bad link.
> >> >>
> >> >> The examples show that you need a file
> name
> >> >> (http://snort.org/snort-rules/cli) and when you go to
> the page before,
> >> >> the main download page (http://snort.org/snort-rules/?), it shows the
> >> >> file names. They are not trying to make
> this overly confusing and
> >> >> hard.. but it does require some effort and
> understanding on the
> >> >> installers part. Or, you could sign in and
> grab them from the gui, or
> >> >> use pullpork.  3 different methods to
> get the rules..
> >> >>
> >> >> The examples are generic enough that they
> don't have to change
> >> >> whenever the rule file changes.  Lets
> let the developers work on
> >> >> keeping the software fixed and nor worry
> about the web page not having
> >> >> the most specific instructions.
> >> >>
> >> >>
> >> >> On Tue, Oct 9, 2012 at 7:12 PM,
> AllowOverride <allowoverride at ...11827...>
> wrote:
> >> >> > jer,
> >> >> > i tried the preferred method
> displayed on oinkcode page.
> >> >> > it doesnt work for sub/reg unless you
> know to put 2931. also, other
> >> >> > methods of wget'ing the url according
> to docs are supposed to work but
> >> >> > do not, unless know the exact file
> name, and thats not always easy to
> >> >> > find on the ftp site, or by other
> methods.
> >> >> >
> >> >> > just a heads up, that kept me off
> task for a few days trying to figure
> >> >> > it out.
> >> >> >
> >> >> > suggestion... fix the examples on the
> oinkcode page.
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Tue, 2012-10-09 at 17:12 +0000,
> Jeremy Hoel wrote:
> >> >> >> The answer is in the text file
> that you sent back.
> >> >> >>
> >> >> >> 2012-10-04 14:07:24 ERROR 403:
> Forbidden.
> >> >> >>
> >> >> >> so however you tried to get the
> file, it didn't work.  If you used
> >> >> >> wget and an oink code then you
> need to check the code.
> >> >> >>
> >> >> >>
> >> >> >> On Tue, Oct 9, 2012 at 4:59 PM,
> Akinwale Fasuru <fashman2k1 at ...131...>
> wrote:
> >> >> >> > Here is what i gath after
> running cat....
> >> >> >> >
> >> >> >> > --2012-10-04
> 14:07:23--  http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
> >> >> >> > Resolving www.snort.org...
> 23.23.170.170
> >> >> >> > Connecting to
> www.snort.org|23.23.170.170|:80... connected.
> >> >> >> > HTTP request sent, awaiting
> response... 403 Forbidden
> >> >> >> > 2012-10-04 14:07:24 ERROR
> 403: Forbidden.
> >> >> >> >
> >> >> >> >
> >> >> >> > What do u think?
> >> >> >> >
> >> >> >> >
> >> >> >> > --- On Tue, 10/9/12, Jeremy
> Hoel <jthoel at ...11827...>
> wrote:
> >> >> >> >
> >> >> >> >> From: Jeremy Hoel <jthoel at ...11827...>
> >> >> >> >> Subject: Re:
> [Snort-users] Extracting snortrules-2931.tar.gz
> >> >> >> >> To: "Akinwale Fasuru"
> <fashman2k1 at ...131...>
> >> >> >> >> Cc: snort-users at lists.sourceforge.net
> >> >> >> >> Date: Tuesday, October
> 9, 2012, 11:53 AM
> >> >> >> >> to check the size of a
> file, go to
> >> >> >> >> the directory where the
> file is and
> >> >> >> >> run 'ls -al'.
> >> >> >> >>
> >> >> >> >> But since 'file' said
> it's text and not a tar.gz or zip
> >> >> >> >> file, then
> >> >> >> >> that's the
> problem.  Your download is not correct.
> >> >> >> >>
> >> >> >> >> go ahead and run 'cat
> snortrules-2931.tar.gz'
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> On Tue, Oct 9, 2012 at
> 4:50 PM, Akinwale Fasuru <fashman2k1 at ...131...>
> >> >> >> >> wrote:
> >> >> >> >> > I replied the email
> you sent earlier saying that i
> >> >> >> >> didnt know how to check
> for te size of the file. But i did
> >> >> >> >> rule the command u asked
> me here is the response
> >> >> >> >> >
> >> >> >> >> >
> snortrules-2931.tar.gz: ASCII text
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > --- On Tue,
> 10/9/12, Jeremy Hoel <jthoel at ...11827...>
> >> >> >> >> wrote:
> >> >> >> >> >
> >> >> >> >> >> From: Jeremy
> Hoel <jthoel at ...11827...>
> >> >> >> >> >> Subject: Re:
> [Snort-users] Extracting
> >> >> >> >> snortrules-2931.tar.gz
> >> >> >> >> >> To: "Akinwale
> Fasuru" <fashman2k1 at ...131...>
> >> >> >> >> >> Cc: snort-users at lists.sourceforge.net
> >> >> >> >> >> Date: Tuesday,
> October 9, 2012, 11:46 AM
> >> >> >> >> >> You never got
> back to me about the
> >> >> >> >> >> size of the
> file and if the file
> >> >> >> >> >> was complete.
> >> >> >> >> >>
> >> >> >> >> >> the error makes
> it sound like it's not a tar.gz
> >> >> >> >> file.
> >> >> >> >> >>
> >> >> >> >> >> you need to
> very you got the whole file and that
> >> >> >> >> it's not
> >> >> >> >> >> just a text
> error.
> >> >> >> >> >>
> >> >> >> >> >> run 'file
> snortrules-2931.tar.gz' and see what it
> >> >> >> >> says.
> >> >> >> >> >>
> >> >> >> >> >> On Tue, Oct 9,
> 2012 at 4:29 PM, Akinwale Fasuru
> >> >> >> >> <fashman2k1 at ...131...>
> >> >> >> >> >> wrote:
> >> >> >> >> >> > Hello
> everyone,
> >> >> >> >> >> >  I am
> still having problems extracting
> >> >> >> >> >>
> snortrules-2931.tar.gz
> >> >> >> >> >> >
> >> >> >> >> >> > tar -xzvf
> snortrules-2931.tar.gz
> >> >> >> >> >> >> I get
> this erro message
> >> >> >> >> >> >>
> >> >> >> >> >> >> zip:
> stdin: not in gzip format
> >> >> >> >> >> >>
> >> >> >> >> >> >> tar:
> Child returned status 1
> >> >> >> >> >> >>
> >> >> >> >> >> >> tar:
> Error is not recoverable: exiting
> >> >> >> >> now
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >>
> ------------------------------------------------------------------------------
> >> >> >> >> >> > Don't let
> slow site performance ruin your
> >> >> >> >> business.
> >> >> >> >> >> Deploy New
> Relic APM
> >> >> >> >> >> > Deploy New
> Relic app performance management
> >> >> >> >> and know
> >> >> >> >> >> exactly
> >> >> >> >> >> > what is
> happening inside your Ruby, Python,
> >> >> >> >> PHP, Java,
> >> >> >> >> >> and .NET app
> >> >> >> >> >> > Try New
> Relic at no cost today and get our
> >> >> >> >> sweet Data
> >> >> >> >> >> Nerd shirt
> too!
> >> >> >> >> >> > http://p.sf.net/sfu/newrelic-dev2dev
> >> >> >> >> >> >
> >> >> >> >>
> _______________________________________________
> >> >> >> >> >> >
> Snort-users mailing list
> >> >> >> >> >> > Snort-users at lists.sourceforge.net
> >> >> >> >> >> > Go to this
> URL to change user options or
> >> >> >> >> unsubscribe:
> >> >> >> >> >> > https://lists.sourceforge.net/lists/listinfo/snort-users
> >> >> >> >> >> >
> Snort-users list archive:
> >> >> >> >> >> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >> >> >> >> >> >
> >> >> >> >> >> > Please
> visit http://blog.snort.org to stay current on
> >> >> >> >> >> all the latest
> Snort news!
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >> >>
> ------------------------------------------------------------------------------
> >> >> >> Don't let slow site performance
> ruin your business. Deploy New Relic APM
> >> >> >> Deploy New Relic app performance
> management and know exactly
> >> >> >> what is happening inside your
> Ruby, Python, PHP, Java, and .NET app
> >> >> >> Try New Relic at no cost today
> and get our sweet Data Nerd shirt too!
> >> >> >> http://p.sf.net/sfu/newrelic-dev2dev
> >> >> >>
> _______________________________________________
> >> >> >> Snort-users mailing list
> >> >> >> Snort-users at lists.sourceforge.net
> >> >> >> Go to this URL to change user
> options or unsubscribe:
> >> >> >> https://lists.sourceforge.net/lists/listinfo/snort-users
> >> >> >> Snort-users list archive:
> >> >> >> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >> >> >>
> >> >> >> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
> >> >> >
> >> >
> >
> 
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy
> New Relic APM
> Deploy New Relic app performance management and know
> exactly
> what is happening inside your Ruby, Python, PHP, Java, and
> .NET app
> Try New Relic at no cost today and get our sweet Data Nerd
> shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>




More information about the Snort-users mailing list