[Snort-users] PulledPork Stopped Working

Joel Esler (jesler) jesler at ...589...
Mon Jan 9 17:21:24 EST 2017


501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) (1s)

Looks like your problem is right there.

--
Sent from my iPhone

On Jan 9, 2017, at 1:17 PM, Keith Pachulski <keith.pachulski at ...17691...<mailto:keith.pachulski at ...17691...>> wrote:

Pulledpork was working fine for me until this latest snort update so looking for some advice on how to correct the error:

$ ./pulledpork.pl -c /home/snort/pulledpork/etc/pulledpork.conf -I security -P -e /home/snort/pulledpork/etc/enablesid.conf -vv
    https://github.com/shirkdog/pulledpork
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.3 - Making signature updates great again!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2016 JJ Cummings
  @_/        /  66\_  cummingsj at ...11827...<mailto:cummingsj at ...11827...>
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config File Variable Debug /home/snort/pulledpork/etc/pulledpork.conf
        sid_msg_version = 1
        IPRVersion = /home/snort/rules/iplists
        ignore = deleted.rules,experimental.rules,local.rules
        snort_path = /usr/local/bin/snort
        temp_path = /tmp
        sorule_path = /usr/local/lib/snort_dynamicrules/
        sid_msg = /home/snort/rules/etc/sid-msg.map
        local_rules = /home/snort/rules/local.rules
        rule_path = /home/snort/rules/snort.rules
        distro = Ubuntu-12-04
       sid_changelog = /home/snort/rules/pullpork-sid_changes.log
        rule_url = ARRAY(0x1bf0a70)
        config_path = /home/snort/rules/snort.conf
        version = 0.7.3
        black_list = /home/snort/rules/black_list.rules
MISC (CLI and Autovar) Variable Debug:
        Process flag specified!
        arch Def is: x86-64
        Operating System is: linux
        CA Certificate File is: OS Default
        Config Path is: /home/snort/pulledpork/etc/pulledpork.conf
        Distro Def is: Ubuntu-12-04
        security policy specified
        local.rules path is: /home/snort/rules/local.rules
        Rules file is: /home/snort/rules/snort.rules
        Path to enablesid file: /home/snort/pulledpork/etc/enablesid.conf
        sid changes will be logged to: /home/snort/rules/pullpork-sid_changes.log
        sid-msg.map Output Path is: /home/snort/rules/etc/sid-msg.map
        Snort Version is: 2.9.9.0
        Snort Config File: /home/snort/rules/snort.conf
        Snort Path is: /usr/local/bin/snort
        SO Output Path is: /usr/local/lib/snort_dynamicrules/
        Will process SO rules
        Extra Verbose Flag is Set
        Verbose Flag is Set
        File(s) to ignore = deleted.rules,experimental.rules,local.rules
        Base URL is: https://www.snort.org/rules/|snortrules-snapshot.tar.gz| http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
Checking latest MD5 for snortrules-snapshot-2990.tar.gz....
        Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5/ ==> 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) (1s)
        Error 501 when fetching https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz.md5 at /home/snort/pulledpork/pulledpork.pl line 534.
        main::md5file("", "snortrules-snapshot-2990.tar.gz", "/tmp/", "https://www.snort.org/rules/") called at /home/snort/pulledpork/pulledpork.pl line 2007

$ locate https.pm
/usr/local/share/perl/5.22.1/LWP/Protocol/https.pm
/usr/share/perl5/URI/https.pm
This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170109/2e753c22/attachment.html>


More information about the Snort-users mailing list