[Snort-users] Error rules update

Joel Esler (jesler) jesler at ...589...
Wed Apr 30 16:05:25 EDT 2014


Please do not hijack someone else’s thread.  Please start your own thread.

https://github.com/vrtadmin/snort-faq/blob/master/Lists/What-is-the-mailing-list-nettiquete.md


On Apr 30, 2014, at 4:01 PM, Michel Renard <mich at ...16829...<mailto:mich at ...846....16829...>> wrote:

hello

either I'm stupid or I'm off base

I updated with snort

but I always have this error when updating rules

thank you for your help

/usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -T -l

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...<mailto:cummingsj at ...11827...>
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Checking latest MD5 for snortrules-snapshot-2961.tar.gz....
    Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463
    main::md5file('<oinkcode>', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 184



Michel
-----Message initial-----
De: Joel Esler (jesler) <jesler at ...589...<mailto:jesler at ...589...>>
Envoyé: mercredi 30 avril 2014 21:35
À: Jeremy Hoel <jthoel at ...11827...<mailto:jthoel at ...11827...>>
Cc: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Sujet: Re: [Snort-users] Error rules update

Dear Basant,

In order to look into this issue, I am going to need your Snort.org<http://snort.org/> username and email address.  Please feel free to email me directly with that information.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team


On Apr 30, 2014, at 2:53 PM, Jeremy Hoel <jthoel at ...11827...<mailto:jthoel at ...11827...>> wrote:

pulledpork uses by default the version of snort that you have installed.  newer versions of the rulesets won't run on your old install.

If you mean that you manually set the snort version in the pulledpork config and you are still getting the errors, do you have your oink code set properly and/or are you using a http proxy?




On Wed, Apr 30, 2014 at 6:24 PM, basant subba <basantsubba at ...11827...<mailto:basantsubba at ...11827...>> wrote:
It doesn't work for snortrules-snapshot-2946.tar.gz<http://snort.org/downloads/2866>, snortrules-snapshot-2956.tar.gz<http://snort.org/downloads/2866> and snortrules-snapshot-2960.tar.gz<http://snort.org/downloads/2866> which are all listed in Registered User list in Snort home-page. Getting the same error. How to get over this problem? Have been stuck up with this problem for quite sometime now.


On Wed, Apr 30, 2014 at 9:11 PM, waldo kitty <wkitty42 at ...14940...<mailto:wkitty42 at ...14940...>> wrote:
On 4/30/2014 11:00 AM, Michel Renard wrote:
> https://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz.md5 at

there's your problem right there... 2.9.3.1 is no longer supported as it is EoL
(End of Life)... it has been EoL since 2013 Sep 30...

http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html



--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!


------------------------------------------------------------------------------

"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE

Instantly run your Selenium tests across 300+ browser/OS combos.  Get

unparalleled scalability from the best Selenium testing platform available.

Simple to use. Nothing to install. Get started now for free."

http://p.sf.net/sfu/SauceLabs

_______________________________________________

Snort-users mailing list

Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>

Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users



Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140430/11de7b09/attachment.html>


More information about the Snort-users mailing list