[Snort-users] Error 404 when fetching https://www.snort.org/downloads/registered/snortrules-snapshot-2962.tar.gz.md5

Joel Esler (jesler) jesler at ...589...
Thu Apr 30 12:03:19 EDT 2015

So, make sure you are using the version checked out from Git for pulledpork to verify there is no issue. Also, you posted your oinkcode in this email, so you’ll want to log into Snort.org<http://Snort.org> and reset it.

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

On Apr 30, 2015, at 10:25 AM, Brian Diehl <BDiehl at ...17150...<mailto:BDiehl at ...17150...>> wrote:


I only occasionally update my rules files on my Snort Scanner.  I’m running on a Ubuntu install.  I’m now getting the following errors:

bdiehl at ...17151...:~/Downloads/pulledpork-0.7.0$ sudo  ./pulledpork.pl -c etc/pulledpork.conf

      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...<mailto:cummingsj at ...11827...>
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\

Config File Variable Debug etc/pulledpork.conf
        snort_path = /usr/local/bin/snort
        black_list = /etc/snort/rules/black_list.rules
        IPRVersion = /etc/snort/rules/iplists
        rule_path = /etc/snort/rules/snort.rules
        ignore = deleted.rules,experimental.rules,local.rules
        snort_control = /usr/local/bin/snort_control
        rule_url = ARRAY(0x2f616e8)
        sid_msg_version = 1
        sid_changelog = /var/log/sid_changes.log
        sid_msg = /etc/snort/sid-msg.map
        config_path = /etc/snort/snort.conf
        temp_path = /tmp
        distro = Ubuntu-10-4
        sorule_path = /usr/local/lib/snort_dynamicrules/
        version = 0.7.0
        local_rules = /etc/snort/rules/local.rules
MISC (CLI and Autovar) Variable Debug:
        arch Def is: x86-64
        Config Path is: etc/pulledpork.conf
        Distro Def is: Ubuntu-10-4
        Disabled policy specified
        local.rules path is: /etc/snort/rules/local.rules
        Rules file is: /etc/snort/rules/snort.rules
        sid changes will be logged to: /var/log/sid_changes.log
        sid-msg.map Output Path is: /etc/snort/sid-msg.map
        Snort Version is:
        Snort Config File: /etc/snort/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        Base URL is: https://www.snort.org/downloads/registered/|snortrules-snapshot.tar.gz|f3242df71d4050bf9e7dd67f4d3f7f4c2e70d457 https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|openhttps://www.snort.org/downloads/registered/|opensource.gz|f3242df71d4050bf9e7dd67f4d3f7f4c2e70d457https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2962.tar.gz.md5
** GET https://www.snort.org/downloads/registered/snortrules-snapshot-2962.tar.gz.md5/f3242df71d4050bf9e7dd67f4d3f7f4c2e70d457 ==> 404 Not Found (1s)
        A 404 error occurred, please verify your filenames and urls for your tarball!
        Error 404 when fetching https://www.snort.org/downloads/registered/snortrules-snapshot-2962.tar.gz.md5 at ./pulledpork.pl line 465
        main::md5file('f3242df71d4050bf9e7dd67f4d3f7f4c2e70d457', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/downloads/registered/') called at ./pulledpork.pl line 1849

When I go out to the downloads page I see that all the md5 rules are now combined down into one MD5 file.  However, pulledpork doesn’t know about this.  I checked the pulledpork download page and version 0.7.0 is still the current version.  What is the correct solution to this problem?

Thanks in advance.

Brian Diehl
Christensen Farms IT Manager
Phone: 507-794-8585

One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150430/472d3c82/attachment.html>

More information about the Snort-users mailing list