[Snort-users] Error 500 today?

Dave Corsello snort-users at ...15598...
Thu Jan 8 11:46:39 EST 2015


I also received a 500 error today on one of two Snort 2.9.7.0 sensors.  
The first failed, and a half-hour later the other succeeded.  No changes 
on my end, identical OS, Snort version, etc. on both.

Also got the following output from pulledpork on one of two sensors on 1/6:

Couldn't read /tmp/978.844374259101-black_list.rules - No such file or directory
  at /usr/local/bin/pulledpork.pl line 487

Also got a 520 error on one of two sensors on 12/29.  These errors are 
outliers, and it's not the same sensor that fails each time.

On 1/7/2015 12:15 PM, Jefferson, Shawn wrote:
>
> I seem to be having a similar problem downloading rules via pulledpork.
>
> The strange thing is that it works fine on my Ubuntu 10.04 installs, 
> but does not work on Ubuntu 12.04.  I get a 500 error trying to 
> download snort rules.  Emerging Threats rules work fine.  We did 
> switch to a different proxy server around that time, and I’ve been 
> troubleshooting from that angle, since it seemed like most people 
> aren’t having a problem any longer?  However, even going back to my 
> old proxy, which is still in place, the rule downloads still do not work.
>
> Any suggestions on how to fix or further troubleshoot this?
>
> *From:*Joel Esler (jesler) [mailto:jesler at ...589...]
> *Sent:* December 15, 2014 10:23 AM
> *To:* Andre DiMino
> *Cc:* snort-users mailinglist
> *Subject:* Re: [Snort-users] Error 500 today?
>
> Fantastic.
>
> Apparently we were having problems with older versions of Wget and curl.
>
> --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Talos
>
>     On Dec 15, 2014, at 1:11 PM, Andre DiMino
>     <adimino at ...16035... <mailto:adimino at ...16035...>> wrote:
>
>     Works great now Joel.
>
>     Thanks very much !
>
>     On Mon, Dec 15, 2014 at 12:53 PM, Joel Esler (jesler)
>     <jesler at ...589... <mailto:jesler at ...589...>> wrote:
>
>     We made some changes within the past hour.  Still seeing the issue?
>
>     On Dec 15, 2014, at 10:29 AM, Andre DiMino
>     <adimino at ...16035... <mailto:adimino at ...16035...>>
>     wrote:
>
>     Does anyone know if this was addressed and fixed?
>     As of this morning, I still am seeing Error 500 when using pulledpork.
>     My last successful update was 12/7/14
>
>     Thanks!
>     Andre'
>
>     On Fri, Dec 5, 2014 at 1:55 PM, Jeremy Hoel <jthoel at ...11827...
>     <mailto:jthoel at ...11827...>> wrote:
>
>     Joel posted to the list earlier that they were moving snort.org around
>     and there might be some issues.
>
>     On Dec 5, 2014 11:44 AM, "Andre DiMino" <adimino at ...16035...
>     <mailto:adimino at ...16035...>> wrote:
>
>
>     Everything worked fine up until this morning.  Now I see:
>
>     "Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>     Error 500 when fetching
>     https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
>     /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 463.
>
>     main::md5file('my_oinkcode', 'snortrules-snapshot-2962.tar.gz',
>     '/tmp/',
>     'https://www.snort.org/reg-rules/') called at
>     /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 1847"
>
>     Any thoughts?
>     --
>
>     Andre' M. DiMino
>     DeepEnd Research
>     http://deependresearch.org
>     http://sempersecurus.org
>
>     "Make sure that nobody pays back wrong for wrong, but always try to be
>     kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
>
>
