[Snort-users] Re: PulledPork stopped updating and starts duplicate

Shirkdog shirkdog at ...11827...
Fri May 29 09:25:26 EDT 2015


As Snort releases new versions, older signature sets are no longer
available.

We also need more information to help with your issue. Pulledpork looked
like it ran successfully.
On May 29, 2015 9:23 AM, "Robert Lasota" <wrkilu at ...3879...> wrote:

> On Friday, 29 May 2015 09:50 Robert Lasota <wrkilu at ...3879...> wrote:
>
> Hi,
>
>
> Has anybody run into such a strange case? I mean, I had a working
> Pulledpork, then I changed something (but I don't even know what, because I
> found out about that later), and now during a run it doesn't display what it
> updates/changes in the rules and it also starts to duplicate rules! After every next
> run I get in the rules directory these same files with rules, but with the
> same rules added as later :(
>
>
>
> ./pulledpork.pl -P -k -I security -c etc/pulledpork.conf
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>   @_/        /  66\_  cummingsj at ...11827...
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>         They Match
>         Done!
> Prepping rules from snortrules-snapshot-2962.tar.gz for work....
>         Done!
> Reading rules...
> Reading rules...
> Activating security rulesets....
>         Done
> Modifying Sids....
>         Done!
> Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf....
>         Modified 0 rules
>         Done
> Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf....
>         Modified 0 rules
>         Done
> Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf....
>         Modified 0 rules
>         Done
> Setting Flowbit State....
>         Enabled 777 flowbits
>         Enabled 25 flowbits
>         Enabled 4 flowbits
>         Enabled 2 flowbits
>         Done
> Writing rules to unique destination files....
>         Writing rules to /tmp/rules/
>         Done
> Generating sid-msg.map....
>         Done
> Writing v1 /tmp/sid-msg.map....
>         Done
> Fly Piggy Fly!
> [root at ...17180... pulledpork-0.7.0]
>
>
>
> What is going on?
>
> Robert
>
> I also noticed that it doesn't update (while running)
> /var/log/sid_changes.log, what the hell?? I've been sitting on it since
> morning and nothing... I still can't find the reason :(
>
>
>
> Robert