[Snort-users] Pulledpork not generating merged rules file on Windows

Michael Steele michaels at ...9077...
Mon Jul 22 21:26:56 EDT 2013


I finally got around to updating the online guided install for the latest
PulledPork 0.7.0, and tested. The configuration he is using works fine here.
The only difference is: I'm using drive 'D:' and he is using drive 'C:'. It
has something to do with his folder permissions, proxy, or ????

Try changing the temp folder location to c:\windows\temp

Are you absolutely SURE the rules tarball has actually been downloaded to the
temp folder?

If you are trying multiple PP runs for testing, make SURE you clean the temp
folder before each run.

Just for clarification: in between rule updates, will PP process the
*.msg.map files, even if PP doesn't need to process any new rules tarballs?

Best regards,
Michael...

WINSNORT.com Management

--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Monday, July 22, 2013 3:56 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Pulledpork not generating merged rules file on
Windows

On 7/22/2013 15:34, William Rehnquyst wrote:
[trim]
> Config File Variable Debug c:\winids\pulledpork\etc\pulledpork.conf
> local_rules = c:\winids\snort\rules\local.rules
> dropsid = c:\winids\pulledpork\etc\dropsid.conf
> sid_msg_version = 1
> enablesid = c:\winids\pulledpork\etc\enablesid.conf
> ignore = deleted.rules,experimental.rules,local.rules
> modifysid = c:\winids\pulledpork\etc\modifysid.conf
> docs = c:\winids\inetpub\wwwroot\base\signatures\
> config_path = c:\winids\snort\etc\snort.conf
> disablesid = c:\winids\pulledpork\etc\disablesid.conf
> sorule_path = /usr/local/lib/snort_dynamicrules/
> sid_msg = c:\winids\snort\etc\sid-msg.map
> sid_changelog = c:\winids\snort\log\sid_changes.log
> snort_version = 2.9.4.6
> version = 0.7.0
> temp_path = c:\winids\pulledpork\temp
> rule_url = ARRAY(0x2808a5c)
> ips_policy = security
> rule_path = c:\winids\snort\rules\winids.rules
> distro = FreeBSD-8.1

you are on windows but this says differently... perhaps it is the cause? PP
may be looking for something from that OS that doesn't exist or is named
differently in winwhatever ;)

> snort_path = c:\winids\snort\bin\snort.exe
> MISC (CLI and Autovar) Variable Debug:
> Config Path is: c:\winids\pulledpork\etc\pulledpork.conf
> Distro Def is: FreeBSD-8.1

and here it shows again...

> Docs Reference Location is: c:\winids\inetpub\wwwroot\base\signatures\
> security policy specified
> local.rules path is: c:\winids\snort\rules\local.rules
> No Download Flag is Set
> Rules file is: c:\winids\snort\rules\winids.rules
> Path to disablesid file: c:\winids\pulledpork\etc\disablesid.conf
> Path to dropsid file: c:\winids\pulledpork\etc\dropsid.conf
> Path to enablesid file: c:\winids\pulledpork\etc\enablesid.conf
> Path to modifysid file: c:\winids\pulledpork\etc\modifysid.conf
[chomp]



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
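
Added example, not part of either message and not PulledPork code: a small Python check that reads `key = value` settings like those in the quoted debug dump and lists the ones whose platform style disagrees with the rest (here `sorule_path` and `distro`). The sample config is constructed from the values in the dump, and the list of Unix-like distro names is an assumed heuristic, not PulledPork's own list; a finding is something to review, not a confirmed cause.

```python
import re

# Constructed sample: settings copied from the debug dump quoted in the thread.
SAMPLE_CONF = r"""
rule_path = c:\winids\snort\rules\winids.rules
local_rules = c:\winids\snort\rules\local.rules
sid_msg = c:\winids\snort\etc\sid-msg.map
sorule_path = /usr/local/lib/snort_dynamicrules/
temp_path = c:\winids\pulledpork\temp
distro = FreeBSD-8.1
snort_path = c:\winids\snort\bin\snort.exe
"""

WIN_PATH = re.compile(r"^[A-Za-z]:[\\/]")   # drive-letter path
POSIX_PATH = re.compile(r"^/")              # rooted POSIX path
# Assumed heuristic for "names a Unix-like OS"; not taken from PulledPork.
UNIX_DISTRO = re.compile(r"bsd|linux|ubuntu|debian|centos|rhel|suse|fedora", re.I)


def parse_conf(text):
    """Return {key: value} from 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def platform_mismatches(conf):
    """List settings that disagree with the platform most path values imply."""
    win = [k for k, v in conf.items() if WIN_PATH.match(v)]
    posix = [k for k, v in conf.items() if POSIX_PATH.match(v)]
    findings = []
    if win and posix:
        # Report whichever path style is in the minority.
        minority, style = (posix, "POSIX") if len(win) >= len(posix) else (win, "Windows")
        findings += [f"{k}: {style}-style path {conf[k]!r}" for k in minority]
    distro = conf.get("distro", "")
    if len(win) > len(posix) and UNIX_DISTRO.search(distro):
        findings.append(f"distro: {distro!r} set while paths are Windows-style")
    return findings


if __name__ == "__main__":
    for finding in platform_mismatches(parse_conf(SAMPLE_CONF)):
        print("review:", finding)
```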
