[Snort-users] Pulled Pork 404 Errors?

Matt M. mr10001 at ...11827...
Fri Aug 29 17:56:53 EDT 2014


Good News!

Joel was kind enough to point out my supreme intelligence... ;) I did not
remove <> from my oinkcode section.

However, now I'm running into 422 errors on the IP Blacklist download
section.


On Fri, Aug 29, 2014 at 4:44 PM, Matt M. <mr10001 at ...11827...> wrote:

> Here's my conf file line Y requested
>
> rule_url=http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|
>
> Joel, you'll have an email in a sec.
>
>
> On Fri, Aug 29, 2014 at 4:39 PM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
>>  Can you email me your oinkcode off list?
>>
>>  We just verified everything is fine on the server side.
>>
>>
>>
>>  On Aug 29, 2014, at 4:52 PM, Matt M. <mr10001 at ...11827...> wrote:
>>
>>  Yeah, I've tried and still getting 422 errors.  I tried using
>> HTTP/HTTPS and /rules/ and /reg-rules/... all the same 422 error.  I did
>> add my oink code and tried regenerating it too.
>>
>>
>> On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort at ...15979...> wrote:
>>
>>>
>>>
>>>  ------------------------------
>>> Date: Fri, 29 Aug 2014 15:24:43 -0500
>>>
>>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>>> From: mr10001 at ...11827...
>>> To: snort at ...15979...
>>> CC: snort-users at lists.sourceforge.net
>>>
>>>  That last error was my fault, wget did not work as expected.  I
>>> replaced the pulledpork.conf file with what was on google code and I'm back
>>> to error 422
>>>
>>>  The old conf file was using "http" instead of "https".  Ok, can you
>>> try regenerating you oinkcode, and test? You can do so by logging into
>>> snort.org. If that also does not work, then it may be not from your
>>> end, just a guess.
>>>
>>>  YM
>>>
>>>
>>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>> Error 422 when fetching
>>> https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
>>> /usr/local/bin/pulledpork.pl line 463.
>>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>>> https://www.snort.org/reg-rules/') called at /usr/local/bin/
>>> pulledpork.pl line 1847
>>>
>>>
>>> On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 at ...11827...> wrote:
>>>
>>> When I try using the conf file that you linked from google code and
>>> run:sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf
>>> I get an error:
>>> You are not using the current version of pulledpork.conf!
>>>
>>> Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!
>>>
>>>
>>> On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 at ...11827...> wrote:
>>>
>>> Now I receive a 422 error:
>>>
>>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>>  Error 422 when fetching
>>> http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5at
>>> /usr/local/bin/pulledpork.pl line 463.
>>>
>>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
>>> http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl
>>>  line 1847
>>>
>>>
>>> On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort at ...15979...> wrote:
>>>
>>>  Date: Fri, 29 Aug 2014 15:08:08 -0500
>>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>>> From: mr10001 at ...11827...
>>> To: snort at ...15979...
>>> CC: snort-users at lists.sourceforge.net
>>>
>>>  You bet:
>>>
>>>  This is what I have...
>>>
>>>  rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|
>>> <oinkcode>
>>>
>>>
>>>  Ok, I am not familiar with brew packages, but the URL above may be
>>> wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the
>>> original pulledpork.conf:
>>> https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf
>>>
>>>  YM
>>>
>>>
>>> On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort at ...15979...> wrote:
>>>
>>>  Date: Fri, 29 Aug 2014 14:37:46 -0500
>>> From: mr10001 at ...11827...
>>> To: snort-users at lists.sourceforge.net
>>> Subject: [Snort-users] Pulled Pork 404 Errors?
>>>
>>>  Total Noob Here,
>>>
>>>  I'm receiving the following error and cannot seem to figure out how to
>>> resolve it:
>>>  >Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>> >A 404 error occurred, please verify your filenames and urls for your
>>> tarball!
>>> >Error 404 when fetching
>>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
>>> /usr/local/bin/pulledpork.pl line 463.
>>>
>>>
>>>  Can you post the "rule_url" from your pulledpork.conf? (without your
>>> oinkcode).
>>>
>>>
>>>
>>> >main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/',
>>> 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line
>>> 1847
>>>
>>>
>>> I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've
>>> tried modifying both the pullpork.pl and conf file to adjust the url's
>>> by removing the ...org/reg-rules/ and change it to ...org/rules/ and even
>>> tried to remove the "S" from HTTPS in the url's as well.
>>> I'm I even in the right ballpark?
>>> Thanks for any assistance with this,
>>>
>>>  --
>>> M, CISSP, GCFE, GCFA
>>>
>>> *“*To disagree leads to study, to study leads to understanding, to
>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>> loving your theory.*”* -*John Wheeler*
>>>
>>> ------------------------------------------------------------------------------
>>> Slashdot TV. Video for Nerds. Stuff that matters.http://tv.slashdot.org/
>>>
>>> _______________________________________________ Snort-users mailing list
>>>  Snort-users at lists.sourceforge.net Go to this URL to change user
>>> options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users
>>> <https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users> list
>>> archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please
>>> visit http://blog.snort.org to stay current on all the latest Snort
>>> news!
>>>
>>>
>>>
>>>
>>>  --
>>> Matt M., CISSP, GCFE, GCFA
>>>
>>> *“*To disagree leads to study, to study leads to understanding, to
>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>> loving your theory.*”* -*John Wheeler*
>>>
>>>
>>>
>>>
>>>  --
>>> Matt M., CISSP, GCFE, GCFA
>>>
>>> *“*To disagree leads to study, to study leads to understanding, to
>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>> loving your theory.*”* -*John Wheeler*
>>>
>>>
>>>
>>>
>>>  --
>>> Matt M., CISSP, GCFE, GCFA
>>>
>>> *“*To disagree leads to study, to study leads to understanding, to
>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>> loving your theory.*”* -*John Wheeler*
>>>
>>>
>>>
>>>
>>>  --
>>> Matt M., CISSP, GCFE, GCFA
>>>
>>> *“*To disagree leads to study, to study leads to understanding, to
>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>> loving your theory.*”* -*John Wheeler*
>>>
>>
>>
>>
>>  --
>> Matt M., CISSP, GCFE, GCFA
>>
>> *“*To disagree leads to study, to study leads to understanding, to
>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>> loving your theory.*”* -*John Wheeler*
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>> http://tv.slashdot.org/_______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>>
>>
>
>
> --
> Matt M., CISSP, GCFE, GCFA
>
> *“*To disagree leads to study, to study leads to understanding, to
> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
> loving your theory.*”* -*John Wheeler*
>



-- 
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140829/0f03e859/attachment.html>


More information about the Snort-users mailing list