[Snort-users] Problem Updating Rules with PulledPork

Michael Steele michaels at ...9077...
Thu Sep 19 12:03:29 EDT 2013


I use Strawberry Perl in all my Windows Intrusion Detection System (WinIDS) guided installs, and it appears Strawberry Perl adds and removes Perl distribution packages with every new release. The root cause of the OP’s problem is most likely a missing Perl distribution package, or an incompatible Perl distribution package.
 
There is NO list of required Perl distribution packages with minimum version numbers available for PulledPork. There are around 300 default Perl distribution packages installed for each release of Strawberry Perl. Perl distribution packages gets removed, and Perl distribution packages gets updated with each release of Strawberry Perl. As you can see this will cause a problem if there is no list of required Perl distribution packages with minimum versions numbers posted for PulledPork.
 
For all my Windows Intrusion Detection System (WinIDS) guided installs, Strawberry Perl version 5.14.2.1 (32 and 64bit) is installed fresh. The only other additional Perl distribution package required to make PulledPork work is the Perl syslog distribution package. If I use any newer version of Strawberry Perl on a fresh installation, PulledPork will fail. This is because Strawberry Perl default Perl distribution packages for that version has changed.
The solution for out of the box compatibility for Windows users is to use Strawberry Perl 5.14.2.1 along with installing the syslog distribution package. I don’t install PulledPork into a the initial Windows Intrusion Detection System (WinIDS) guided install. However, there is a Windows Intrusion Detection System (WinIDS) guided install for adding PulledPork into an existing Windows Intrusion Detection System (WinIDS), which  has all the links to the required files.
 
This is untested: It might be possible to use Strawberry Perl 5.14.2.1 for the initial install, and then update to the latest version. It would be a good idea to verify PulledPork is fully working under Strawberry Perl 5.14.2.1 before updating.
 
Hops this helps…
 
Best regards,
Michael...
 
WINSNORT.com Management…
--
****************** Established ~ 2001 *******************
*          Visit Us @  <http://www.winsnort.com/> http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS -  <http://www.snort.org/> http://www.snort.org *
*********************************************************
 
From: Michael Steele [mailto:michaels at ...9077...] 
Sent: Wednesday, September 18, 2013 4:52 PM
To: 'JJ Cummings'; 'Benjamin Lincoln'
Cc: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Problem Updating Rules with PulledPork
 
You understand if you are not paying for rule updates that you can only download or try the download once every 15 minutes. Even if the rule update fails, you must wait 15 minutes.
 
Clear the assigned PulledPork temp folder and give it another try. You can also assign the PulledPork temp to the c:\windows\temp folder. Could be a permission problem? 
 
Best regards,
Michael...
 
WINSNORT.com Management…
--
****************** Established ~ 2001 *******************
*          Visit Us @  <http://www.winsnort.com/> http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS -  <http://www.snort.org/> http://www.snort.org *
*********************************************************
 
From: JJ Cummings [ <mailto:cummingsj at ...11827...> mailto:cummingsj at ...13610...7...] 
Sent: Wednesday, September 18, 2013 1:14 PM
To: Benjamin Lincoln
Cc:  <mailto:snort-users at lists.sourceforge.net> snort-users at ...3471...ge.net
Subject: Re: [Snort-users] Problem Updating Rules with PulledPork
 
Something is causing the download to not complete correctly....

Sent from the iRoad

On Sep 18, 2013, at 10:46, Benjamin Lincoln < <mailto:BLincoln at ...15832...> BLincoln at ...15832...> wrote:
Hello,
 
I am currently running Snort 2.9.5.5 and Pulled Pork 0.7.0 on Windows 2008R2. When using pulled pork to update the rules, it will just keep trying to download new rules over and over again. I see the rule file getting created in the tmp directory, and it will grow to 18 kb, but then shrink back down to 8 kb after pulled pork tries to grab the file again. Basically, it will just keep saying the MD5 doesn’t match and try to keep re downloading the file. Any Ideas on this?
 
Benjamin Lincoln
IT Security Analyst Support
Banner Bank
Internal Ext. 53274
(509)524-5931
 
 
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
 <http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk> http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
 <mailto:Snort-users at lists.sourceforge.net> Snort-users at ...973...et
Go to this URL to change user options or unsubscribe:
 <https://lists.sourceforge.net/lists/listinfo/snort-users> https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
 <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit  <http://blog.snort.org> http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130919/b01d39eb/attachment.html>


More information about the Snort-users mailing list