[Snort-users] Error 422 with snortrules-snapshot-2972.tar.gz

Scott Link linksg at ...17169...
Fri May 29 09:19:13 EDT 2015


Joel,

I have confirmed the oinkcode in pulledpork.conf matches what's in our
account. When I first had this issue, I tried regenerating the code and
updating pulledpork.conf and got the same result. Since then, I used wget
to pull the ruleset and the file with the md5sum. I think that would also
confirm I'm using a valid oinkcode.

Thanks,
Scott

On Fri, May 29, 2015 at 8:07 AM, Joel Esler (jesler) <jesler at ...589...>
wrote:

>  Not sure what the issue is, I’m watching the logs on Snort.org right
> now, and thousands of people seem to not be having a problem.  Is your
> oinkcode valid, no typos in it?
>
>  --
> *Joel Esler*
> Open Source Manager
> Threat Intelligence Team Lead
> Talos Group
> http://www.talosintel.com
>
>   On May 29, 2015, at 7:49 AM, Scott Link <linksg at ...17169...> wrote:
>
>  In the meantime, I've applied the latest Security Onion updates. I had
> to restart nsm service to get everything back online after, but sostat is
> now reporting all is well.
>
>  Retried rule-update and the error message is still there.
>
>  Any additional information I can make a run at tracking down and
> providing?
>
> On Fri, May 22, 2015 at 6:51 PM, Joel Esler (jesler) <jesler at ...589...>
> wrote:
>
>>  We are going to look into this.  However, everyone is pretty much out
>> of the office until Tuesday.
>>
>> --
>> *Joel Esler*
>> Sent from my iPhone
>>
>> On May 22, 2015, at 4:28 PM, Shirkdog <shirkdog at ...11827...> wrote:
>>
>>
>>  On May 22, 2015 3:45 PM, "Scott Link" <linksg at ...17169...> wrote:
>> >
>> > Hi,
>> >
>> > Getting the following error message:
>> > Running PulledPork.
>> >     Error 422 when fetching
>> https://www.snort.org/reg-rules/snortrules-snapshot-2972.tar.gz.md5 at
>> /usr/bin/pulledpork.pl line 463
>> >     main::md5file(' <oinkcode redacted>',
>> 'snortrules-snapshot-2972.tar.gz', '/tmp/', '
>> https://www.snort.org/reg-rules/') called at /usr/bin/pulledpork.pl line
>> 1885
>> >     http://code.google.com/p/pulledpork/
>> >       _____ ____
>> >      `----,\    )
>> >       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>> >        `--==\\/
>> >      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>> >   @_/        /  66\_  cummingsj at ...11827...
>> >     |    \   \   _(")
>> >      \   /-| ||'--'  Rules give me wings!
>> >       \_\  \_\\
>> >  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> > Checking latest MD5 for snortrules-snapshot-2972.tar.gz....
>> >
>> > Searching the archive seems to point to server-side issue. Need
>> anything else?
>>
>> Try with Snort version 2.9.7.3
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>
>>  _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>>
>
>
>  --
>  Scott Link
> Manager, ITS Infrastructure Operations Security
> Saint Louis University
> www.slu.edu
> 314.977.9713
>
>
>


-- 
Scott Link
Manager, ITS Infrastructure Operations Security
Saint Louis University
www.slu.edu
314.977.9713
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150529/575511c9/attachment.html>


More information about the Snort-users mailing list