[Snort-users] pulledpork config two different error messages

Y M snort at ...15979...
Thu Jan 1 10:31:10 EST 2015


Most probably, you are getting the first error because you are requesting the "registered" ruleset. For that to work you need to specify the oinkcode in pulledpork.conf.

Just login to snort.org and generate an oinkcode. This should take care of the second error given that you revert the URL back to its original state.

Sent from Mobile
________________________________
From: Flo<mailto:Flo.Matuschek at ...5689...>
Sent: ‎1/‎1/‎2015 4:14 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] pulledpork config two different error messages

Hi Forum Users,


my Problem is with Snort in the Version 2.9.7.0 and I this try to
Install this with:

Setup Guide: „Snort 2.9.6.2 on Ubuntu 12 LTS and 14 LTS“(from the Site:
www.snort.org <http://www.snort.org/>)

I'm about the Chapter 11 with the headline „Rulesets and a Snort Code“.


After editing the „/etc/snort/pulledpork.conf“ like the guide,I run
following command:
sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l


Now I get the error message:

Checking latest MD5 for snortrules -2970.tar.gz.....

Error 422 when fetching https://www.snort.org/
<https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5>reg-rules/snortrules-snapshot-2970.tar.gz.md5
<https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5> at
/usr/local/bin/pulledpork.pl line 463

main::md5file('<XXX>', 'snortrules – snapshot-2970-tar.gz' ,' /tmp/' ,
'https://www.snort.org/reg-rules/') called at
/usr/local/bin/pulledpork.pl line 1847


Now I found following text more times:

„So, once it is working on the snort.org<http://snort.org/> website, the
new rule_url line should be as you specified below, with no |, ignoring
the rules specified?“

So I removed the Pipe- Symbols in the three lines with insert my <oinkcode>.

Then
the upper errormessage disappeared but a new come in additon:

„You need to define an oinkcode, please review the rule_url section of the
pulledpork config file! “at /usr/local/bin/pulledpork.pl line 1801.

What can I do now? My search hours are not sucessful.
Thanks!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150101/ff3e01c9/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
-------------- next part --------------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list