[Snort-users] Error 500 during update of rule-set using pulled-pork

waldo kitty wkitty42 at ...14940...
Sat May 3 21:34:19 EDT 2014

On 5/3/2014 1:29 PM, Michael Steele wrote:
> For testing PP only; As long as you specify the version of rules to pull in the
> pulledpork.conf  ( snort_version=x.x.x.x )  the version of snort you are running
> is not relevant, or shouldn’t be. PP should complete successfully.
> I complained about this MONTHS / YEARS ago; For thirty days after a new version
> of Snort is released there is confusion about the rule set / configuration files
> compatibility for new users. Registered users can’t get access to the newly
> named rule set that matches the latest Snort version.

the tools being used should automatically attempt to fall back to the previous 
rules sets... in the firewall project i work with, we have spent a lot of time 
working on doing just this to prevent the tons of support posts inquiring why 
our users who are VRT registered users cannot download the rules for the newest 
snort when they update their installations...

IMHO, pulledpork should also perform this feat of majik if for no other reason 
than to ward off all these posts like this when newer snorts are released and 
registered subscribers cannot access those snort version specific rules sets for 
30 days...

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list