[Snort-users] Extracting snortrules-2931.tar.gz

AllowOverride allowoverride at ...11827...
Wed Oct 10 12:12:38 EDT 2012


no you joel,,, you are cool with me. however, i can't say that about a
few users on here. i'd rather they blast me privately than the whole
group. anyfoo... thanks for your help as always. :)

On Wed, 2012-10-10 at 11:58 -0400, Joel Esler wrote:
> On Oct 10, 2012, at 11:55 AM, AllowOverride <allowoverride at ...11827...> wrote:
> 
> > yes joel i do. that is what i have been saying... i pasted the link, but
> > i'm not going to be a dick and make you look like a fool for not reading
> > my emails, like some assholes are doing on here….
> 
> Everyone has a right to their opinion.  Even if it's wrong.
> 
> > here is the link again. I sign in, click the oinkcode link, it's right
> > there. im just trying to save someone else a hassle or have to ask the
> > list again, for which they will be called a moron for even asking,,, 
> 
> For the record, I don't think we've ever called anyone a moron.
> 
> > see my point....  that's the other point.
> > 
> > thanks
> > 
> > https://www.snort.org/
> > 
> > then:
> > 
> > https://www.snort.org/account/oinkcode
> > 
> 
> That page says 2931 for me.  Did you refresh?  Can you log out, log back in?
> 
> 
> > 
> > 
> > On Wed, 2012-10-10 at 11:50 -0400, Joel Esler wrote:
> >> I don't know.  Do you see somewhere where it says 2900?  
> >> 
> >> 
> >> On Oct 10, 2012, at 11:42 AM, AllowOverride <allowoverride at ...11827...> wrote:
> >> 
> >>> if it was fixed, then why did i complain more?
> >>> 
> >>> On Wed, 2012-10-10 at 09:44 -0400, Joel Esler wrote:
> >>>> This has been fixed.
> >>>> 
> >>>> On Oct 9, 2012, at 9:17 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>> 
> >>>>> thanks joel, i know i could have looked around more, but i figure
> >>>>> consistency across the site should be mentioned. thanks
> >>>>> 
> >>>>> On Tue, 2012-10-09 at 20:56 -0400, Joel Esler wrote:
> >>>>>> I'll get this fixed. 
> >>>>>> 
> >>>>>> Sent from my iPhone
> >>>>>> 
> >>>>>> On Oct 9, 2012, at 8:41 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>>> 
> >>>>>>> i am referring to this page:
> >>>>>>> 
> >>>>>>> https://www.snort.org/account/oinkcode
> >>>>>>> 
> >>>>>>> it's NOT right there for you, it says 2900.
> >>>>>>> i see what you are talking about, but others surely won't...
> >>>>>>> 
> >>>>>>> the process is, you read the config, you substitute what is displayed on
> >>>>>>> that link. it won't work, UNLESS you know the file name, by clicking 
> >>>>>>> a diff page on snort.org. sorry, but i didn't see that page until much
> >>>>>>> later, the one you referred to. so when someone updates the page, i
> >>>>>>> figure, in case someone takes the same path i do, and copies the link as
> >>>>>>> is, with their oinkcode attached, which logically you would do at first
> >>>>>>> glance, as you are using it for pulledpork.conf. this discussion is the
> >>>>>>> result. 
> >>>>>>> 
> >>>>>>> i figure if they update the page you found first time, with 2931, so
> >>>>>>> that we can cut paste it, to use with pp.pl, then there will be no
> >>>>>>> problems. thats all, nothing more, 
> >>>>>>> 
> >>>>>>> On Tue, 2012-10-09 at 20:17 +0000, Jeremy Hoel wrote:
> >>>>>>>> And like i said in the email before you responded, you can find the
> >>>>>>>> file name right from the website.. when you click download rules.
> >>>>>>>> http://snort.org/snort-rules/?
> >>>>>>>> 
> >>>>>>>> Snort v2.9
> >>>>>>>> MD5 - 09 Oct, 2012
> >>>>>>>> snortrules-snapshot-2931.tar.gz
> >>>>>>>> MD5 - 09 Oct, 2012
> >>>>>>>> snortrules-snapshot-2912.tar.gz
> >>>>>>>> MD5 - 09 Oct, 2012
> >>>>>>>> snortrules-snapshot-2923.tar.gz
> >>>>>>>> MD5 - 09 Oct, 2012
> >>>>>>>> snortrules-snapshot-2930.tar.gz
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> It's right there.. you just have to look at the page.  Reading is fundamental.
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>>>>>> we dont know the file name!!! sheshh
> >>>>>>>>> 
> >>>>>>>>> On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:
> >>>>>>>>>> The page shows:
> >>>>>>>>>> 
> >>>>>>>>>> wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \
> >>>>>>>>>>          -O <output-filename>
> >>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> It's pretty clear.  put the proper, correct, current filename where it
> >>>>>>>>>> says filename and things work.  They shouldn't have to hold hands and
> >>>>>>>>>> walk through the whole thing.
> >>>>>>>>>> 
> >>>>>>>>>> When you try and use examples you have to expect and realize that the
> >>>>>>>>>> example might be out of date and maybe try and figure out what it
> >>>>>>>>>> might take to make it work.
> >>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>>>>>>>> when i say something doesnt work, i mean, it doesnt work:
> >>>>>>>>>>> 
> >>>>>>>>>>> wget http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
> >>>>>>>>>>> --2012-10-09 12:44:42--  http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
> >>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
> >>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>>>>>>>> 2012-10-09 12:44:42 ERROR 403: Forbidden.
> >>>>>>>>>>> 
> >>>>>>>>>>> wget
> >>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >>>>>>>>>>> --2012-10-09 12:45:54--
> >>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
> >>>>>>>>>>> Resolving www.snort.org... 23.23.143.143
> >>>>>>>>>>> Connecting to www.snort.org|23.23.143.143|:80... connected.
> >>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>>>>>>>> 2012-10-09 12:45:56 ERROR 403: Forbidden.
> >>>>>>>>>>> 
> >>>>>>>>>>> and just for good measure
> >>>>>>>>>>> 
> >>>>>>>>>>> wget
> >>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
> >>>>>>>>>>> --2012-10-09 12:47:03--
> >>>>>>>>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
> >>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
> >>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>>>>>>>> 2012-10-09 12:47:04 ERROR 403: Forbidden.
> >>>>>>>>>>> 
> >>>>>>>>>>> 
> >>>>>>>>>>> now. the last one shouldn't work, because i'm not a registered user
> >>>>>>>>>>> the sub rules works if you know what you are doing...
> >>>>>>>>>>> 
> >>>>>>>>>>> If you include 2931 in place of 2900 it will work, only if you are in the
> >>>>>>>>>>> system for oinkcode. BUT, that is not what is autopopulated for you on
> >>>>>>>>>>> the oinkcode page. it says, 2900. it won't work.
> >>>>>>>>>>> 
> >>>>>>>>>>> all i am saying fix is, change it to reflect the CURRENT version. thats
> >>>>>>>>>>> all. not everyone will catch it, and ya know, end up asking the question
> >>>>>>>>>>> here.
> >>>>>>>>>>> 
> >>>>>>>>>>> let's let the developers put the current version as well. takes what, 2
> >>>>>>>>>>> seconds and saves users HOURS of wtf.. headaches...
> >>>>>>>>>>> 
> >>>>>>>>>>> thanks
> >>>>>>>>>>> 
> >>>>>>>>>>> 
> >>>>>>>>>>> 
> >>>>>>>>>>> On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:
> >>>>>>>>>>>> The link he was using worked fine for me. I tested the get and got the
> >>>>>>>>>>>> rules with no problem.. with the link he had. His problem is not
> >>>>>>>>>>>> related to a bad link.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> The examples show that you need a file name
> >>>>>>>>>>>> (http://snort.org/snort-rules/cli) and when you go to the page before,
> >>>>>>>>>>>> the main download page (http://snort.org/snort-rules/?), it shows the
> >>>>>>>>>>>> file names. They are not trying to make this overly confusing and
> >>>>>>>>>>>> hard.. but it does require some effort and understanding on the
> >>>>>>>>>>>> installers part. Or, you could sign in and grab them from the gui, or
> >>>>>>>>>>>> use pulledpork.  3 different methods to get the rules..
> >>>>>>>>>>>> 
> >>>>>>>>>>>> The examples are generic enough that they don't have to change
> >>>>>>>>>>>> whenever the rule file changes.  Lets let the developers work on
> >>>>>>>>>>>> keeping the software fixed and not worry about the web page not having
> >>>>>>>>>>>> the most specific instructions.
> >>>>>>>>>>>> 
> >>>>>>>>>>>> 
> >>>>>>>>>>>> On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride at ...11827...> wrote:
> >>>>>>>>>>>>> jer,
> >>>>>>>>>>>>> i tried the preferred method displayed on oinkcode page.
> >>>>>>>>>>>>> it doesnt work for sub/reg unless you know to put 2931. also, other
> >>>>>>>>>>>>> methods of wget'ing the url according to docs are supposed to work but
> >>>>>>>>>>>>> do not, unless know the exact file name, and thats not always easy to
> >>>>>>>>>>>>> find on the ftp site, or by other methods.
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> just a heads up, that kept me off task for a few days trying to figure
> >>>>>>>>>>>>> it out.
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> suggestion... fix the examples on the oinkcode page.
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:
> >>>>>>>>>>>>>> The answer is in the text file that you sent back.
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> so however you tried to get the file, it didn't work.  If you used
> >>>>>>>>>>>>>> wget and an oink code then you need to check the code.
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 at ...131...> wrote:
> >>>>>>>>>>>>>>> Here is what i gath after running cat....
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>> --2012-10-04 14:07:23--  http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
> >>>>>>>>>>>>>>> Resolving www.snort.org... 23.23.170.170
> >>>>>>>>>>>>>>> Connecting to www.snort.org|23.23.170.170|:80... connected.
> >>>>>>>>>>>>>>> HTTP request sent, awaiting response... 403 Forbidden
> >>>>>>>>>>>>>>> 2012-10-04 14:07:24 ERROR 403: Forbidden.
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>> What do u think?
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...> wrote:
> >>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
> >>>>>>>>>>>>>>>> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
> >>>>>>>>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
> >>>>>>>>>>>>>>>> Cc: snort-users at lists.sourceforge.net
> >>>>>>>>>>>>>>>> Date: Tuesday, October 9, 2012, 11:53 AM
> >>>>>>>>>>>>>>>> to check the size of a file, go to
> >>>>>>>>>>>>>>>> the directory where the file is and
> >>>>>>>>>>>>>>>> run 'ls -al'.
> >>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> But since 'file' said it's text and not a tar.gz or zip
> >>>>>>>>>>>>>>>> file, then
> >>>>>>>>>>>>>>>> that's the problem.  Your download is not correct.
> >>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> go ahead and run 'cat snortrules-2931.tar.gz'
> >>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 at ...131...>
> >>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>> I replied the email you sent earlier saying that i
> >>>>>>>>>>>>>>>> didn't know how to check for the size of the file. But i did
> >>>>>>>>>>>>>>>> run the command u asked me here is the response
> >>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>> snortrules-2931.tar.gz: ASCII text
> >>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>> --- On Tue, 10/9/12, Jeremy Hoel <jthoel at ...11827...>
> >>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>> From: Jeremy Hoel <jthoel at ...11827...>
> >>>>>>>>>>>>>>>>>> Subject: Re: [Snort-users] Extracting
> >>>>>>>>>>>>>>>> snortrules-2931.tar.gz
> >>>>>>>>>>>>>>>>>> To: "Akinwale Fasuru" <fashman2k1 at ...131...>
> >>>>>>>>>>>>>>>>>> Cc: snort-users at lists.sourceforge.net
> >>>>>>>>>>>>>>>>>> Date: Tuesday, October 9, 2012, 11:46 AM
> >>>>>>>>>>>>>>>>>> You never got back to me about the
> >>>>>>>>>>>>>>>>>> size of the file and if the file
> >>>>>>>>>>>>>>>>>> was complete.
> >>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>> the error makes it sound like it's not a tar.gz
> >>>>>>>>>>>>>>>> file.
> >>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>> you need to verify you got the whole file and that
> >>>>>>>>>>>>>>>> it's not
> >>>>>>>>>>>>>>>>>> just a text error.
> >>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>> run 'file snortrules-2931.tar.gz' and see what it
> >>>>>>>>>>>>>>>> says.
> >>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>> On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru
> >>>>>>>>>>>>>>>> <fashman2k1 at ...131...>
> >>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>> Hello everyone,
> >>>>>>>>>>>>>>>>>>> I am still having problems extracting
> >>>>>>>>>>>>>>>>>> snortrules-2931.tar.gz
> >>>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>>> tar -xzvf snortrules-2931.tar.gz
> >>>>>>>>>>>>>>>>>>>> I get this error message
> >>>>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>>>> zip: stdin: not in gzip format
> >>>>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>>>> tar: Child returned status 1
> >>>>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>>>> tar: Error is not recoverable: exiting
> >>>>>>>>>>>>>>>> now
> >>>>>>>>>>>>>>>> ------------------------------------------------------------------------------
> >>>>>>>>>>>>>>>>>>> Don't let slow site performance ruin your
> >>>>>>>>>>>>>>>> business.
> >>>>>>>>>>>>>>>>>> Deploy New Relic APM
> >>>>>>>>>>>>>>>>>>> Deploy New Relic app performance management
> >>>>>>>>>>>>>>>> and know
> >>>>>>>>>>>>>>>>>> exactly
> >>>>>>>>>>>>>>>>>>> what is happening inside your Ruby, Python,
> >>>>>>>>>>>>>>>> PHP, Java,
> >>>>>>>>>>>>>>>>>> and .NET app
> >>>>>>>>>>>>>>>>>>> Try New Relic at no cost today and get our
> >>>>>>>>>>>>>>>> sweet Data
> >>>>>>>>>>>>>>>>>> Nerd shirt too!
> >>>>>>>>>>>>>>>>>>> http://p.sf.net/sfu/newrelic-dev2dev
> >>>>>>>>>>>>>>>> _______________________________________________
> >>>>>>>>>>>>>>>>>>> Snort-users mailing list
> >>>>>>>>>>>>>>>>>>> Snort-users at lists.sourceforge.net
> >>>>>>>>>>>>>>>>>>> Go to this URL to change user options or
> >>>>>>>>>>>>>>>> unsubscribe:
> >>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>>>>>>>>>>>>>>>>> Snort-users list archive:
> >>>>>>>>>>>>>>>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>>>>>>>>>>>>>>>> 
> >>>>>>>>>>>>>>>>>>> Please visit http://blog.snort.org to stay current on
> >>>>>>>>>>>>>>>>>> all the latest Snort news!
> >>>>>>>>>>>>>> 
> >>>>>>> 
> >>>>>>> 
> >>>>> 
> >>>> 
> >>> 
> >> 
> > 
> 
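
An added example, not part of the thread or of any Snort tooling: a shell check for the failure diagnosed above, where wget got a 403 and the file saved under the .tar.gz name was ASCII text rather than a gzip archive. The function names and return codes are assumptions of this example; the optional second argument is the MD5 value published next to the snapshot on the download page.

```shell
#!/bin/sh
# Verify a downloaded rules tarball before handing it to tar.
# Names and return codes here are hypothetical, chosen for this example.

# is_gzip FILE: succeed only if FILE starts with the gzip magic bytes 1f 8b.
is_gzip() {
    [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "1f8b" ]
}

# verify_rules FILE [EXPECTED_MD5]
#   0  file is a complete gzip stream (and the MD5 matches, if one was given)
#   1  empty or not gzip at all, e.g. an HTTP error page saved as .tar.gz
#   2  gzip header present but the stream is truncated or corrupt
#   3  MD5 does not match the published value
verify_rules() {
    f=$1
    want=${2:-}
    [ -s "$f" ] || return 1
    is_gzip "$f" || return 1
    gzip -t "$f" 2>/dev/null || return 2
    if [ -n "$want" ]; then
        got=$(md5sum "$f" | cut -d' ' -f1)
        [ "$got" = "$want" ] || return 3
    fi
    return 0
}

# Typical use after the download, with the published MD5 in $md5:
#   verify_rules snortrules-snapshot-2931.tar.gz "$md5" \
#       && tar -xzvf snortrules-snapshot-2931.tar.gz
```

Checking wget's exit status as well catches the 403 before anything is written to the rules directory.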
