[Snort-users] Pulled Pork 404 Errors?

Matt M. mr10001 at ...11827...
Fri Aug 29 17:44:02 EDT 2014


Here's my conf file line Y requested

rule_url=http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|

Joel, you'll have an email in a sec.


On Fri, Aug 29, 2014 at 4:39 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

>  Can you email me your oinkcode off list?
>
>  We just verified everything is fine on the server side.
>
>
>
>  On Aug 29, 2014, at 4:52 PM, Matt M. <mr10001 at ...11827...> wrote:
>
>  Yeah, I've tried and still getting 422 errors.  I tried using HTTP/HTTPS
> and /rules/ and /reg-rules/... all the same 422 error.  I did add my oink
> code and tried regenerating it too.
>
>
> On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort at ...15979...> wrote:
>
>>
>>
>>  ------------------------------
>> Date: Fri, 29 Aug 2014 15:24:43 -0500
>>
>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>> From: mr10001 at ...11827...
>> To: snort at ...15979...
>> CC: snort-users at lists.sourceforge.net
>>
>>  That last error was my fault, wget did not work as expected.  I
>> replaced the pulledpork.conf file with what was on google code and I'm back
>> to error 422
>>
>>  The old conf file was using "http" instead of "https".  Ok, can you try
>> regenerating you oinkcode, and test? You can do so by logging into
>> snort.org. If that also does not work, then it may be not from your end,
>> just a guess.
>>
>>  YM
>>
>>
>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>> Error 422 when fetching
>> https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
>> /usr/local/bin/pulledpork.pl line 463.
>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>> https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl
>>  line 1847
>>
>>
>> On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 at ...11827...> wrote:
>>
>> When I try using the conf file that you linked from google code and
>> run:sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf
>> I get an error:
>> You are not using the current version of pulledpork.conf!
>>
>> Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!
>>
>>
>> On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 at ...11827...> wrote:
>>
>> Now I receive a 422 error:
>>
>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>  Error 422 when fetching
>> http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5at
>> /usr/local/bin/pulledpork.pl line 463.
>>
>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>> http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line
>> 1847
>>
>>
>> On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort at ...15979...> wrote:
>>
>>  Date: Fri, 29 Aug 2014 15:08:08 -0500
>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>> From: mr10001 at ...11827...
>> To: snort at ...15979...
>> CC: snort-users at lists.sourceforge.net
>>
>>  You bet:
>>
>>  This is what I have...
>>
>>  rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|
>> <oinkcode>
>>
>>
>>  Ok, I am not familiar with brew packages, but the URL above may be
>> wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the
>> original pulledpork.conf:
>> https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf
>>
>>  YM
>>
>>
>> On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort at ...15979...> wrote:
>>
>>  Date: Fri, 29 Aug 2014 14:37:46 -0500
>> From: mr10001 at ...11827...
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] Pulled Pork 404 Errors?
>>
>>  Total Noob Here,
>>
>>  I'm receiving the following error and cannot seem to figure out how to
>> resolve it:
>>  >Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>> >A 404 error occurred, please verify your filenames and urls for your
>> tarball!
>> >Error 404 when fetching
>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
>> /usr/local/bin/pulledpork.pl line 463.
>>
>>
>>  Can you post the "rule_url" from your pulledpork.conf? (without your
>> oinkcode).
>>
>>
>>
>> >main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>> https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line
>> 1847
>>
>>
>> I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've
>> tried modifying both the pullpork.pl and conf file to adjust the url's
>> by removing the ...org/reg-rules/ and change it to ...org/rules/ and even
>> tried to remove the "S" from HTTPS in the url's as well.
>> I'm I even in the right ballpark?
>> Thanks for any assistance with this,
>>
>>  --
>> M, CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV. Video for Nerds. Stuff that matters.http://tv.slashdot.org/
>>
>> _______________________________________________ Snort-users mailing list
>> Snort-users at lists.sourceforge.net Go to this URL to change user options
>> or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users
>> <https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users> list
>> archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please
>> visit http://blog.snort.org to stay current on all the latest Snort news!
>>
>>
>>
>>
>>
>>  --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>>
>>
>>
>>  --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>>
>>
>>
>>  --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>>
>>
>>
>>  --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>
>
>
>  --
> Matt M., CISSP, GCFE, GCFA
>
> *“*To disagree leads to study, to study leads to understanding, to
> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> loving your theory.*”* -*John Wheeler*
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
>


-- 
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140829/c4ddb416/attachment.html>


More information about the Snort-users mailing list