[Snort-users] Extracting snortrules-2931.tar.gz

AllowOverride allowoverride at ...11827...
Tue Oct 9 21:17:46 EDT 2012


thanks joel, i know i could have looked around more, but i figure
consistency across the site should be mentioned. thanks

On Tue, 2012-10-09 at 20:56 -0400, Joel Esler wrote:
> I'll get this fixed. 
> 
> Sent from my iPhone
> 
> On Oct 9, 2012, at 8:41 PM, AllowOverride <allowoverride at ...11827...> wrote:
> 
> > i am referring to this page:
> > 
> > https://www.snort.org/account/oinkcode
> > 
> > it's NOT right there for you, it says 2900.
> > i see what you are talking about, but others surely won't...
> > 
> > the process is, you read the config, you substitute what is displayed on
> > that link. it won't work, UNLESS you know the file name, by clicking
> > a diff page on snort.org. sorry, but i didn't see that page until much
> > later, the one you referred to. so when someone updates the page, i
> > figure, in case someone takes the same path i do, and copies the link as
> > is, with their oinkcode attached, which logically you would do at first
> > glance, as you are using it for pulledpork.conf. this discussion is the
> > result. 
> > 
> > i figure if they update the page you found first time, with 2931, so
> > that we can cut paste it, to use with pp.pl, then there will be no
> > problems. thats all, nothing more, 
> > 
> > On Tue, 2012-10-09 at 20:17 +0000, Jeremy Hoel wrote:
> >> And like i said in the email before you responded, you can find the
> >> file name right from the website.. when you click download rules.
> >> http://snort.org/snort-rules/?
> >> 
> >> Snort v2.9
> >> MD5 - 09 Oct, 2012
> >> snortrules-snapshot-2931.tar.gz
> >> MD5 - 09 Oct, 2012
> >> snortrules-snapshot-2912.tar.gz
> >> MD5 - 09 Oct, 2012
> >> snortrules-snapshot-2923.tar.gz
> >> MD5 - 09 Oct, 2012
> >> snortrules-snapshot-2930.tar.gz
> >> 
> >> 
> >> 
> >> It's right there.. you just have to look at the page.  Reading is fundamental.
> >> 
> >> 
> >> 
> >> 
> >> On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>> we dont know the file name!!! sheshh
> >>> 
> >>> On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:
> >>>> The page shows:
> >>>> 
> >>>> wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \
> >>>>             -O <output-filename>
> >>>> 
> >>>> 
> >>>> It's pretty clear.  put the proper, correct, current filename where it
> >>>> says filename and things work.  They shouldn't have to hold hands and
> >>>> walk through the whole thing.
> >>>> 
> >>>> When you try and use examples you have to expect and realize that the
> >>>> example might be out of date and maybe try and figure out what it
> >>>> might take to make it work.
> >>>> 
> >>>> 
> >>>> 
> >>>> On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>> when i say something doesnt work, i mean, it doesnt work:
> >>>>> 
> >>>>> wget
> >>>>> http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
> >>>>> --2012-10-09 12:44:42--  http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
> >>>>> Resolving www.snort.org... 23.23.170.170
> >>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>> 2012-10-09 12:44:42 ERROR 403: Forbidden.
> >>>>> 
> >>>>> wget
> >>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >>>>> --2012-10-09 12:45:54--
> >>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >>>>> Resolving www.snort.org... 23.23.143.143
> >>>>> Connecting to www.snort.org|23.23.143.143|:80... connected.
> >>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>> 2012-10-09 12:45:56 ERROR 403: Forbidden.
> >>>>> 
> >>>>> and just for good measure
> >>>>> 
> >>>>> wget
> >>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
> >>>>> --2012-10-09 12:47:03--
> >>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
> >>>>> Resolving www.snort.org... 23.23.170.170
> >>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>> 2012-10-09 12:47:04 ERROR 403: Forbidden.
> >>>>> 
> >>>>> 
> >>>>> now. the last one shouldn't work, because i'm not a registered user
> >>>>> the sub rules works if you know what you are doing...
> >>>>> 
> >>>>> If you include 2931 in place of 2900 it will work, only if you are in the
> >>>>> system for oinkcode. BUT, that is not what is autopopulated for you on
> >>>>> the oinkcode page. it says, 2900. it won't work.
> >>>>> 
> >>>>> all i am saying fix is, change it to reflect the CURRENT version. thats
> >>>>> all. not everyone will catch it, and ya know, end up asking the question
> >>>>> here.
> >>>>> 
> >>>>> let's let the developers put the current version as well. takes what, 2
> >>>>> seconds and saves users HOURS of wtf.. headaches...
> >>>>> 
> >>>>> thanks
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:
> >>>>>> The link he was using worked fine for me. I tested the get and got the
> >>>>>> rules with no problem.. with the link he had. His problem is not
> >>>>>> related to a bad link.
> >>>>>> 
> >>>>>> The examples show that you need a file name
> >>>>>> (http://snort.org/snort-rules/cli) and when you go to the page before,
> >>>>>> the main download page (http://snort.org/snort-rules/?), it shows the
> >>>>>> file names. They are not trying to make this overly confusing and
> >>>>>> hard.. but it does require some effort and understanding on the
> >>>>>> installer's part. Or, you could sign in and grab them from the gui, or
> >>>>>> use pulledpork.  3 different methods to get the rules..
> >>>>>> 
> >>>>>> The examples are generic enough that they don't have to change
> >>>>>> whenever the rule file changes.  Let's let the developers work on
> >>>>>> keeping the software fixed and not worry about the web page not having
> >>>>>> the most specific instructions.
> >>>>>> 
> >>>>>> 
> >>>>>> On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>>>> jer,
> >>>>>>> i tried the preferred method displayed on oinkcode page.
> >>>>>>> it doesn't work for sub/reg unless you know to put 2931. also, other
> >>>>>>> methods of wget'ing the url according to docs are supposed to work but
> >>>>>>> do not, unless you know the exact file name, and that's not always easy to
> >>>>>>> find on the ftp site, or by other methods.
> >>>>>>> 
> >>>>>>> just a heads up, that kept me off task for a few days trying to figure
> >>>>>>> it out.
> >>>>>>> 
> >>>>>>> suggestion... fix the examples on the oinkcode page.
> >>>>>>> 
> >>>>>>> 
> >>>>>>> 
> >>>>>>> On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:
> >>>>>>>> The answer is in the text file that you sent back.
> >>>>>>>> 
> >>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
> >>>>>>>> 
> >>>>>>>> so however you tried to get the file, it didn't work.  If you used
> >>>>>>>> wget and an oink code then you need to check the code.
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
> >>>>>>>>> Here is what i gath after running cat....
> >>>>>>>>> 
> >>>>>>>>> --2012-10-04 14:07:23--  http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
> >>>>>>>>> Resolving www.snort.org... 23.23.170.170
> >>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
> >>>>>>>>> 
> >>>>>>>>> 
> >>>>>>>>> What do u think?
> >>>>>>>>> 
> >>>>>>>>> 
> >>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
> >>>>>>>>> 
> >>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
> >>>>>>>>>> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
> >>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
> >>>>>>>>>> Cc: snort-users at lists.sourceforge.net
> >>>>>>>>>> Date: Tuesday, October 9, 2012, 11:53 AM
> >>>>>>>>>> to check the size of a file, go to
> >>>>>>>>>> the directory where the file is and
> >>>>>>>>>> run 'ls -al'.
> >>>>>>>>>> 
> >>>>>>>>>> But since 'file' said it's text and not a tar.gz or zip
> >>>>>>>>>> file, then
> >>>>>>>>>> that's the problem.  Your download is not correct.
> >>>>>>>>>> 
> >>>>>>>>>> go ahead and run 'cat snortrules-2931.tar.gz'
> >>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
> >>>>>>>>>>> I replied the email you sent earlier saying that i didnt know how to check for the size of the file. But i did run the command u asked me here is the response
> >>>>>>>>>>> 
> >>>>>>>>>>> snortrules-2931.tar.gz: ASCII text
> >>>>>>>>>>> 
> >>>>>>>>>>> 
> >>>>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
> >>>>>>>>>>> 
> >>>>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
> >>>>>>>>>>>> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
> >>>>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
> >>>>>>>>>>>> Cc: snort-users at lists.sourceforge.net
> >>>>>>>>>>>> Date: Tuesday, October 9, 2012, 11:46 AM
> >>>>>>>>>>>> You never got back to me about the size of the file and if the file
> >>>>>>>>>>>> was complete.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> the error makes it sound like it's not a tar.gz file.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> you need to verify you got the whole file and that it's not
> >>>>>>>>>>>> just a text error.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> run 'file snortrules-2931.tar.gz' and see what it says.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
> >>>>>>>>>>>>> Hello everyone,
> >>>>>>>>>>>>> I am still having problems extracting snortrules-2931.tar.gz
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> tar -xzvf snortrules-2931.tar.gz
> >>>>>>>>>>>>>> I get this error message
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> zip: stdin: not in gzip format
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> tar: Child returned status 1
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> tar: Error is not recoverable: exiting now
> > 
> > 





More information about the Snort-users mailing list
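
Added example, not part of the original thread: the failure diagnosed above (a 403 response saved under a .tar.gz name, which tar then rejects as "not in gzip format") can be caught before extraction. The function names and verdict strings are assumptions made for this example, the sample files are constructed, and md5sum (GNU coreutils) is assumed for the optional comparison against the MD5 published on the rules download page.

```shell
#!/bin/sh
# Added example: validate a downloaded Snort rules tarball before extracting it.

# is_gzip FILE: succeed only if FILE starts with the gzip magic bytes 1f 8b.
is_gzip() {
    [ -f "$1" ] || return 1
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "1f8b" ]
}

# check_rules_archive FILE [EXPECTED_MD5]
# Prints a one-word verdict and returns 0 only for "ok".
check_rules_archive() {
    file=$1
    expected=$2
    if [ ! -s "$file" ]; then echo "empty"; return 1; fi
    if ! is_gzip "$file"; then
        # A saved error page or wget log is plain text; name the HTTP error if present.
        if grep -q '403 Forbidden' "$file"; then echo "http-403"; else echo "not-gzip"; fi
        return 1
    fi
    # Magic bytes alone do not prove the download completed; test the whole stream.
    if ! gzip -t "$file" 2>/dev/null; then echo "corrupt"; return 1; fi
    if [ -n "$expected" ]; then
        actual=$(md5sum "$file" | cut -d' ' -f1)
        [ "$actual" = "$expected" ] || { echo "md5-mismatch"; return 1; }
    fi
    echo "ok"
}

# Constructed sample inputs: a real tarball and a text file holding a wget 403 log.
make_samples() {
    dir=$1
    mkdir -p "$dir/rules" && echo '# placeholder rule file' > "$dir/rules/local.rules"
    tar -czf "$dir/good.tar.gz" -C "$dir" rules
    printf '%s\n' 'HTTP request sent, awaiting response... 403 Forbidden' \
        '2012-10-04 14:07:24 ERROR 403: Forbidden.' > "$dir/bad.tar.gz"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in good.tar.gz bad.tar.gz; do
    printf '%s: %s\n' "$f" "$(check_rules_archive "$tmp/$f")"
done
rm -rf "$tmp"
```

Run the check on the file wget wrote and extract only on an "ok" verdict; an "http-403" verdict points back at the filename or oinkcode in the URL rather than at tar.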