[Snort-users] Getting Incorrect URL Error Message for a working URL

MMartin at ...16693... MMartin at ...16693...
Tue Feb 11 20:56:01 EST 2014


Hey Joel, thanks for the reply.

Ok, that makes sense, good that's the one I used... And about the other thing with the regex in the Perl script I mentioned, I realized I was using the wrong formatted URL.

After you generate the oinkcode they show multiple URLs to use, but there was a section specifically for oinkmaster that I must have missed the first time around... That one worked.

Thanks again for the reply,
Matt

"Joel Esler (jesler)" <jesler at ...589...> wrote:



You won’t be able to pull 2.9.6.0 rules unless you are a subscriber, as they are only available to subscribers for the first 30 days.  If you pull 2.9.5.6, they should work.


On Feb 11, 2014, at 4:54 PM, MMartin at ...16693... wrote:

Hello All,

Installed Version: Snort v2.9.6.0  --and--  Oinkmaster v2.0

Let me start by saying I am new to Snort, but I have it configured and running in IDS mode. The issue I'm having is with Oinkmaster.pl, which is telling me the URL I am giving is incorrect. Sorry if this was asked before, but I tried checking the mail-list's archive for a similar situation at but without a search function it was impossible to find a similar case...

But anyway, I am a registered User on snort.org and I generated an "Oinkcode" from My Account page in order to get a URL configured for oinkmaster to update my rules.

I added the following URL from my "My Oinkcode" page, under "Registered User Release", which was generated using my specific code that was given to me, which I added to my "/etc/oinkmaster.conf" file: (*FYI, I hid my OinkCode with 'xxx....' below)

http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This link was the default one given as an example so I tried the ".../snortrules-snapshot-2960.tar.gz/..." because that is the Snort version I currently have installed, and when I open that in a browser I get this error below..:

Snort.org Rule Pack Download Error:
     --------------------------
     Subscription: false
     --------------------------
     No rule pack with this filename is available to you.
     --------------------------

I assume since this is the newest version of Snort available, the rules are not yet ready for download...?
So I tried the next newest release, which was --> "snortrules-snapshot-2956.tar.gz"

http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I entered that URL above into a browser, and when the page loads I'm prompted with a download dialog to download the snortrules-snapshot.
Since I got a download prompt I assume this is the correct URL for me to use. So I entered the following line in my oinkmaster.conf file:

url = http://www.snort.org/reg-rules/snortrules-snapshot-2956.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Now, when I run the oinkmaster command to update/download the newest rules file I get an error about the URL, see below:

# oinkmaster -o /etc/snort/rules
Loading /etc/oinkmaster.conf

/usr/local/bin/oinkmaster: Error: incorrect URL: "http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Oink, oink. Exiting...

Since the URL works in a browser I'm not sure why it wouldn't work from the oinkmaster.pl command..?
Does anyone know why this would be happening? Any thoughts or suggestions would be much appreciated.


Thanks in Advance,
Matt


Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
