[Snort-users] Pulled Pork 404 Errors?

Matt M. mr10001 at ...11827...
Fri Aug 29 18:03:00 EDT 2014


More good news!

The 422 error was caused by an incorrect oinkcode; it's all better now.

Thanks everyone!


On Fri, Aug 29, 2014 at 4:56 PM, Matt M. <mr10001 at ...11827...> wrote:

> Good News!
>
> Joel was kind enough to point out my supreme intelligence... ;) I did not
> remove <> from my oinkcode section.
>
> However, now I'm running into 422 errors on the IP Blacklist download
> section.
>
>
> On Fri, Aug 29, 2014 at 4:44 PM, Matt M. <mr10001 at ...11827...> wrote:
>
>> Here's my conf file line Y requested
>>
>> rule_url=http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|
>>
>> Joel, you'll have an email in a sec.
>>
>>
>> On Fri, Aug 29, 2014 at 4:39 PM, Joel Esler (jesler) <jesler at ...589...>
>> wrote:
>>
>>>  Can you email me your oinkcode off list?
>>>
>>>  We just verified everything is fine on the server side.
>>>
>>>
>>>
>>>  On Aug 29, 2014, at 4:52 PM, Matt M. <mr10001 at ...11827...> wrote:
>>>
>>>  Yeah, I've tried and still getting 422 errors.  I tried using
>>> HTTP/HTTPS and /rules/ and /reg-rules/... all the same 422 error.  I did
>>> add my oink code and tried regenerating it too.
>>>
>>>
>>> On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort at ...15979...> wrote:
>>>
>>>>
>>>>
>>>>  ------------------------------
>>>> Date: Fri, 29 Aug 2014 15:24:43 -0500
>>>>
>>>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>>>> From: mr10001 at ...11827...
>>>> To: snort at ...15979...
>>>> CC: snort-users at lists.sourceforge.net
>>>>
>>>>  That last error was my fault, wget did not work as expected.  I
>>>> replaced the pulledpork.conf file with what was on google code and I'm back
>>>> to error 422
>>>>
>>>>  The old conf file was using "http" instead of "https".  Ok, can you
>>>> try regenerating your oinkcode, and test? You can do so by logging into
>>>> snort.org. If that also does not work, then it may not be from your
>>>> end, just a guess.
>>>>
>>>>  YM
>>>>
>>>>
>>>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>>> Error 422 when fetching
>>>> https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
>>>> /usr/local/bin/pulledpork.pl line 463.
>>>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/',
>>>> 'https://www.snort.org/reg-rules/') called at /usr/local/bin/
>>>> pulledpork.pl line 1847
>>>>
>>>>
>>>> On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 at ...11827...> wrote:
>>>>
>>>> When I try using the conf file that you linked from google code and
>>>> run: sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf
>>>> I get an error:
>>>> You are not using the current version of pulledpork.conf!
>>>>
>>>> Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!
>>>>
>>>>
>>>> On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 at ...11827...> wrote:
>>>>
>>>> Now I receive a 422 error:
>>>>
>>>>  Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>>>  Error 422 when fetching
>>>> http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
>>>> /usr/local/bin/pulledpork.pl line 463.
>>>>
>>>> main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/',
>>>> 'http://www.snort.org/reg-rules/') called at /usr/local/bin/
>>>> pulledpork.pl line 1847
>>>>
>>>>
>>>> On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort at ...15979...> wrote:
>>>>
>>>>  Date: Fri, 29 Aug 2014 15:08:08 -0500
>>>> Subject: Re: [Snort-users] Pulled Pork 404 Errors?
>>>> From: mr10001 at ...11827...
>>>> To: snort at ...15979...
>>>> CC: snort-users at lists.sourceforge.net
>>>>
>>>>  You bet:
>>>>
>>>>  This is what I have...
>>>>
>>>>  rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|
>>>> <oinkcode>
>>>>
>>>>
>>>>  Ok, I am not familiar with brew packages, but the URL above may be
>>>> wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the
>>>> original pulledpork.conf:
>>>> https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf
>>>>
>>>>  YM
>>>>
>>>>
>>>> On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort at ...15979...> wrote:
>>>>
>>>>  Date: Fri, 29 Aug 2014 14:37:46 -0500
>>>> From: mr10001 at ...11827...
>>>> To: snort-users at lists.sourceforge.net
>>>> Subject: [Snort-users] Pulled Pork 404 Errors?
>>>>
>>>>  Total Noob Here,
>>>>
>>>>  I'm receiving the following error and cannot seem to figure out how
>>>> to resolve it:
>>>>  >Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>>>> >A 404 error occurred, please verify your filenames and urls for your
>>>> tarball!
>>>> >Error 404 when fetching
>>>> https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
>>>> /usr/local/bin/pulledpork.pl line 463.
>>>>
>>>>
>>>>  Can you post the "rule_url" from your pulledpork.conf? (without your
>>>> oinkcode).
>>>>
>>>>
>>>>
>>>> >main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz',
>>>> '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/
>>>> pulledpork.pl line 1847
>>>>
>>>>
>>>> I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've
>>>> tried modifying both the pulledpork.pl and conf file to adjust the URLs
>>>> by removing the ...org/reg-rules/ and change it to ...org/rules/ and even
>>>> tried to remove the "S" from HTTPS in the URLs as well.
>>>> Am I even in the right ballpark?
>>>> Thanks for any assistance with this,
>>>>
>>>>  --
>>>> M, CISSP, GCFE, GCFA
>>>>
>>>> *“*To disagree leads to study, to study leads to understanding, to
>>>> understand is to appreciate, to appreciate is to love. So maybe I’ll end up
>>>> loving your theory.*”* -*John Wheeler*
>>>>



-- 
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*
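
An added example, not part of the original thread or of PulledPork itself: a small linter for the `rule_url` lines discussed above. It flags the mistakes reported in this thread (the `/rules/` path, `http` instead of `https`, angle brackets left around the oinkcode) and returns a redacted copy of each line that can be posted to a list without the oinkcode. The sample config and oinkcode values are constructed, and the name `lint_rule_urls` is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample config; the oinkcode values are made up, not real credentials.
SAMPLE_CONF = """\
# pulledpork.conf (constructed sample)
rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|<0123456789abcdef>
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|0123456789abcdef
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|
"""

def lint_rule_urls(conf_text):
    """Return (line_no, redacted_line, problems) for every rule_url line."""
    results = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("rule_url="):
            continue  # comments and other settings are ignored
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3:
            # Cannot tell which part is the credential, so echo nothing.
            results.append((no, "rule_url=[UNPARSED, NOT ECHOED]",
                            ["expected url|filename|oinkcode"]))
            continue
        url, filename, code = (f.strip() for f in fields)
        parts = urlsplit(url)
        problems = []
        if parts.scheme != "https":
            problems.append("url is not https")
        # Advice given in the thread: use /reg-rules/ rather than /rules/.
        if parts.hostname in ("snort.org", "www.snort.org") \
                and parts.path.rstrip("/") == "/rules":
            problems.append("path is /rules/, thread suggests /reg-rules/")
        if not code:
            problems.append("oinkcode field is empty")
        elif re.search(r"[<>\s]", code):
            problems.append("oinkcode contains <> or whitespace")
        # Never echo the credential, so the output is safe to paste into a post.
        redacted = f"rule_url={url}|{filename}|[REDACTED]"
        results.append((no, redacted, problems))
    return results

if __name__ == "__main__":
    for no, redacted, problems in lint_rule_urls(SAMPLE_CONF):
        print(no, redacted, problems or "ok")
```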