[Snort-users] Welcome to the "Snort-users" mailing list (Digest mode)

Joel Esler (jesler) jesler at ...589...
Tue Feb 3 10:59:42 EST 2015


Doesn't look like your box is able to make a connection anywhere.  Proxy issue?

--
Joel Esler
Sent from my iPhone

On Feb 3, 2015, at 10:10 AM, Ikenna Chiadikaobi <reniykec at ...131...<mailto:reniykec at ...131...>> wrote:

hi, thanks for the reply, attached is my snort.conf file and pulledpork file.
These are the error i get for the pulledpork when i run sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

Checking latest MD5 for etpro.rules.tar.gz....
    A 404 error occurred, please verify your filenames and urls for your tarball!
    Error 404 when fetching https://rules.emergingthreatspro.com/et oinkcode/snort-2.9.7/etpro.rules.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
    main::md5file('et oinkcode', 'etpro.rules.tar.gz', '/tmp/', 'https://rules.emergingthreatspro.com/et oinkcode/snort-2.9.7/') called at /usr/local/bin/pulledpork.pl line 1847
 Thanks.

CHIADIGHIKAOBI IKENNA RENE
UNIVERSITI MALAYSIA SARAWAK
FACULTY OF COMPUTER SEC& INFORMATION TECH
COMPUTER NETWORK.


BY THE GRACE OF GOD WE CAN DO ALL THINGS.


On Tuesday, February 3, 2015 3:31 AM, Al Lewis (allewi) <allewi at ...589...<mailto:allewi at ...589...>> wrote:


Hello,

Both of your errors point to missing files.

This error:
ERROR: /etc/snort//etc/snort/rules/snort.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/snort.rules": No such file or directory.

Looks like your snort.conf rule location is setup incorrectly.



The other error:
Couldn't read /tmp/468.389031567739-black_list.rules - No such file or directory

Looks like you are trying to pull down a file that doesn’t exist.


Please provide a snort.conf file if possible.


Thanks!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Ikenna Chiadikaobi [mailto:reniykec at ...131...]
Sent: Tuesday, February 03, 2015 1:54 AM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: Re: [Snort-users] Welcome to the "Snort-users" mailing list (Digest mode)

hi, am rene, please i am facing this problem when configuring snort in ubuntu 14.04

Detection:
   Search-Method = AC-Full-Q
    Split Any/Any group = enabled
    Search-Method-Optimizations = enabled
    Maximum pattern length = 20
ERROR: /etc/snort//etc/snort/rules/snort.rules(0) Unable to open rules file "/etc/snort//etc/snort/rules/snort.rules": No such file or directory.

Fatal Error, Quitting..

and also after using the puallpork following the guide pdf provided on the snort website, i get this problem

IP Blacklist download of http://labs.snort.org/feeds/ip-filter.blf....
Reading IP List...
Couldn't read /tmp/468.389031567739-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 487.
       main::read_iplist('HASH(0x9717abc)', '/tmp/468.389031567739-black_list.rules') called at /usr/local/bin/pulledpork.pl line 378
       main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', 'http://labs.snort.org/feeds/ip-filter.blf') called at /usr/local/bin/pulledpork.pl line 1856

 I will appreciate your help.

Thanks.


CHIADIGHIKAOBI IKENNA RENE
UNIVERSITI MALAYSIA SARAWAK
FACULTY OF COMPUTER SEC& INFORMATION TECH
COMPUTER NETWORK.

BY THE GRACE OF GOD WE CAN DO ALL THINGS.

On Tuesday, February 3, 2015 2:15 PM, "snort-users-request at ...2652...e.net<mailto:snort-users-request at lists.sourceforge.net>" <snort-users-request at lists.sourceforge.net<mailto:snort-users-request at lists.sourceforge.net>> wrote:

Welcome to the Snort-users at lists.sourceforge.net<mailto:Snort-users at ...1844...ourceforge.net> mailing list! This
list is for general discussion of Snort usage, problems, design, etc.

Do not use this list, or the members of this list to market your or
any other products to.  We value our Community's privacy and their
right not to receive unsolicited email.  Any attempts to do so will
result in your being banned from the lists indefinitely.

To post to this list, send your email to:

  snort-users at lists.sourceforge.net<mailto:snort-users at ...3893...t>

General information about the mailing list is at:

  https://lists.sourceforge.net/lists/listinfo/snort-users

If you ever want to unsubscribe or change your options (eg, switch to
or from digest mode, change your password, etc.), visit your
subscription page at:

  https://lists.sourceforge.net/lists/options/snort-users/reniykec%40yahoo.com


You can also make such adjustments via email by sending a message to:

  Snort-users-request at lists.sourceforge.net<mailto:Snort-users-request at ...1753...s.sourceforge.net>

with the word `help' in the subject or body (don't include the
quotes), and you will get back a message with instructions.

You must know your password to change your options (including changing
the password, itself) or to unsubscribe.  It is:

  rene00

Normally, Mailman will remind you of your lists.sourceforge.net<http://lists.sourceforge.net>
mailing list passwords once every month, although you can disable this
if you prefer.  This reminder will also include instructions on how to
unsubscribe or change your account options.  There is also a button on
your options page that will email your current password to you.



<pulledpork.conf>
<snort.conf>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150203/e6f83690/attachment.html>


More information about the Snort-users mailing list