[Snort-users] Pulled Pork 404 Errors?

Joel Esler (jesler) jesler at ...589...
Fri Aug 29 17:39:03 EDT 2014


Can you email me your oinkcode off list?

We just verified everything is fine on the server side.



On Aug 29, 2014, at 4:52 PM, Matt M. <mr10001 at ...11827...<mailto:mr10001 at ...11827...>> wrote:

Yeah, I've tried and still getting 422 errors.  I tried using HTTP/HTTPS and /rules/ and /reg-rules/... all the same 422 error.  I did add my oink code and tried regenerating it too.


On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort at ...15979...<mailto:snort at ...15979...>> wrote:


________________________________
Date: Fri, 29 Aug 2014 15:24:43 -0500

Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001 at ...11827...<mailto:mr10001 at ...11827...>
To: snort at ...15979...<mailto:snort at ...15979...>
CC: snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>

That last error was my fault, wget did not work as expected.  I replaced the pulledpork.conf file with what was on google code and I'm back to error 422

The old conf file was using "http" instead of "https".  Ok, can you try regenerating you oinkcode, and test? You can do so by logging into snort.org<http://snort.org/>. If that also does not work, then it may be not from your end, just a guess.

YM


Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463.
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847


On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 at ...11827...<mailto:mr10001 at ...11827...>> wrote:
When I try using the conf file that you linked from google code and run:sudo pulledpork.pl<http://pulledpork.pl/> -c /etc/pulledpork/pulledpork.conf
I get an error:
You are not using the current version of pulledpork.conf!

Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!


On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 at ...11827...<mailto:mr10001 at ...11827...>> wrote:
Now I receive a 422 error:

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Error 422 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463.
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847


On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort at ...15979...<mailto:snort at ...15979...>> wrote:
Date: Fri, 29 Aug 2014 15:08:08 -0500
Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001 at ...11827...<mailto:mr10001 at ...11827...>
To: snort at ...15979...<mailto:snort at ...15979...>
CC: snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>

You bet:

This is what I have...

rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|<http://www.snort.org/rules/%7csnortrules-snapshot.tar.gz%7c><oinkcode>


Ok, I am not familiar with brew packages, but the URL above may be wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the original pulledpork.conf: https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf

YM


On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort at ...15979...<mailto:snort at ...15979...>> wrote:
Date: Fri, 29 Aug 2014 14:37:46 -0500
From: mr10001 at ...11827...<mailto:mr10001 at ...11827...>
To: snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>
Subject: [Snort-users] Pulled Pork 404 Errors?

Total Noob Here,

I'm receiving the following error and cannot seem to figure out how to resolve it:
>Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>A 404 error occurred, please verify your filenames and urls for your tarball!
>Error 404 when fetching https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463.


Can you post the "rule_url" from your pulledpork.conf? (without your oinkcode).



>main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847


I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've tried modifying both the pullpork.pl<http://pullpork.pl/> and conf file to adjust the url's by removing the ...org/reg-rules/ and change it to ...org/rules/ and even tried to remove the "S" from HTTPS in the url's as well.
I'm I even in the right ballpark?
Thanks for any assistance with this,

--
M, CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler

------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters.http://tv.slashdot.org/
_______________________________________________ Snort-users mailing list Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net> Go to this URL to change user options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users> list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!



--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140829/a76e2bb1/attachment.html>


More information about the Snort-users mailing list