[Snort-users] Pulled Pork 404 Errors?

Matt M. mr10001 at ...11827...
Fri Aug 29 16:19:48 EDT 2014


When I try using the conf file that you linked from google code and run:

sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf

I get an error:

You are not using the current version of pulledpork.conf!

Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!


On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 at ...11827...> wrote:

> Now I receive a 422 error:
>
> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>
> Error 422 when fetching
> http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
> /usr/local/bin/pulledpork.pl line 463.
>
> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
> http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl
> line 1847
>
>
> On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort at ...15979...> wrote:
>
>> Date: Fri, 29 Aug 2014 15:08:08 -0500
>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>> From: mr10001 at ...11827...
>> To: snort at ...15979...
>> CC: snort-users at lists.sourceforge.net
>>
>> You bet:
>>
>> This is what I have...
>>
>> rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|
>> <oinkcode>
>>
>>
>> Ok, I am not familiar with brew packages, but the URL above may be wrong.
>> Replace the "/rules/" with "/reg-rules/" and try again. From the original
>> pulledpork.conf:
>> https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf
>>
>> YM
>>
>>
>> On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort at ...15979...> wrote:
>>
>> Date: Fri, 29 Aug 2014 14:37:46 -0500
>> From: mr10001 at ...11827...
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] Pulled Pork 404 Errors?
>>
>> Total Noob Here,
>>
>> I'm receiving the following error and cannot seem to figure out how to
>> resolve it:
>>  >Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>> >A 404 error occurred, please verify your filenames and urls for your
>> tarball!
>> >Error 404 when fetching
>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
>> /usr/local/bin/pulledpork.pl line 463.
>>
>>
>> Can you post the "rule_url" from your pulledpork.conf? (without your
>> oinkcode).
>>
>>
>>
>> >main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>> https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl
>> line 1847
>>
>>
>> I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've
>> tried modifying both the pullpork.pl and conf file to adjust the url's
>> by removing the ...org/reg-rules/ and change it to ...org/rules/ and even
>> tried to remove the "S" from HTTPS in the url's as well.
>> I'm I even in the right ballpark?
>> Thanks for any assistance with this,
>>
>> --
>> M, CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
>> _______________________________________________ Snort-users mailing list
>> Snort-users at lists.sourceforge.net Go to this URL to change user options
>> or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users
>> <https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>
>> list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>>
>>
>>
>> --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>
>
>
> --
> Matt M., CISSP, GCFE, GCFA
>
> *“*To disagree leads to study, to study leads to understanding, to
> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> loving your theory.*”* -*John Wheeler*
>



-- 
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140829/fb0d1e41/attachment.html>


More information about the Snort-users mailing list