[Snort-users] Getting Incorrect URL Error Message for a working URL

MMartin at ...16693... MMartin at ...16693...
Tue Feb 11 16:54:28 EST 2014


Hello All,

Installed Version: Snort v2.9.6.0  --and--  Oinkmaster v2.0

Let me start by saying I am new to Snort, but I have it configured and 
running in IDS mode. The issue I'm having is with Oinkmaster.pl, which is 
telling me the URL I am giving is incorrect. Sorry if this was asked 
before, but I tried checking the mail-list's archive for a similar 
situation at but without a search function it was impossible to find a 
similar case...

But anyway, I am a registered User on snort.org and I generated an 
"Oinkcode" from My Account page in order to get a URL configured for 
oinkmaster to update my rules. 

I added the following URL from my "My Oinkcode" page, under "Registered 
User Release", which was generated using my specific code that was given 
to me, which I added  to my "/etc/oinkmaster.conf" file: (*FYI, I hid my 
OinkCode with 'xxx....' below)

http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This link was the default one given as an example so I tried the 
".../snortrules-snapshot-2960.tar.gz/..." because that is the Snort 
version I currently have installed, and when I open that in a browser I 
get this error below..:

Snort.org Rule Pack Download Error:
      --------------------------
      Subscription: false
      --------------------------
      No rule pack with this filename is available to you.
      --------------------------

I assume since this is the newest version of Snort available, the rules 
are not yet ready for download...?
So I tried the next newest release, which was --> 
"snortrules-snapshot-2956.tar.gz" 

http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I entered that URL above into a browser, and when the page loads I'm 
prompted with a download dialog to download the snortrules-snapshot.
Since I got a download prompt I assume this is the correct URL for me to 
use. So I entered the following line in my oinkmaster.conf file:

url = 
http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Now, when I run the oinkmaster command to update/download the newest 
rule's file I get an error about the URL, see below:

# oinkmaster -o /etc/snort/rules
Loading /etc/oinkmaster.conf

/usr/local/bin/oinkmaster: Error: incorrect URL: "
http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"

Oink, oink. Exiting...

Since the URL works in a browser I'm not sure why it wouldn't work from 
the oinkmaster.pl command..?
Does anyone know why this would be happening? Any thoughts or suggestions 
would be much appreciated.


Thanks in Advance,
Matt


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140211/221f3268/attachment.html>


More information about the Snort-users mailing list