<div dir="ltr"><div><div>Hello Joel<br><br></div>I did as you said. Downloaded a new 
copy from github and replace my current set up of pulledpork on my box. I
 followed the instruction from the site("<a href="http://sublimerobots.com/2014/12/installing-snort-part-5/" target="_blank">http://sublimerobots.com/2014/12/installing-snort-part-5/</a>")<br></div>However, the result is like this:<span class="im"><br><br>Checking latest MD5 for snortrules-snapshot-2975.tar.gz....<br></span><span class="im">    They Match<br>    Done!<br>Checking latest MD5 for community-rules.tar.gz....<br></span>    They Match<br>    Done!<br>IP Blacklist download of <a href="http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf.." target="_blank">http://talosintel.com/files/additional_resources/ips_blacklist/ip-filter.blf..</a>..<br>Reading IP List...<br>Couldn't read /tmp/296.170136981772-black_list.rules - No such file or directory<br> at /usr/local/bin/<a href="http://pulledpork.pl" target="_blank">pulledpork.pl</a> line 540.<br>    main::read_iplist('HASH(0x15bd080)', '/tmp/296.170136981772-black_list.rules') called at /usr/local/bin/<a href="http://pulledpork.pl" target="_blank">pulledpork.pl</a> line 431<br>    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', '<a href="http://talosintel.com/files/additional_resources/ips_blacklis..." target="_blank">http://talosintel.com/files/additional_resources/ips_blacklis...</a>') called at /usr/local/bin/<a href="http://pulledpork.pl" target="_blank">pulledpork.pl</a> line 1946</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 14, 2015 at 10:04 AM, Joel Esler (jesler) <span dir="ltr"><<a href="mailto:jesler@...589..." target="_blank">jesler@...589...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<div style="word-wrap:break-word">
You might want to update your copy of pulledpork to the latest version in git.  We’re moving the blacklist off of
<a href="http://labs.snort.org" target="_blank">labs.snort.org</a>
<div><br>
</div>
<div><span style="line-height:normal;font-family:'Lucida Grande'">--</span><br>
<span style="line-height:normal;font-family:'Lucida Grande'"><b>Joel Esler</b></span><br>
<span style="line-height:normal;font-family:'Lucida Grande'">Manager, Threat Intelligence Team & Open Source</span><br>
<span style="line-height:normal;font-family:'Lucida Grande'">Talos Group</span><br>
<span style="line-height:normal;font-family:'Helvetica Neue'"><a href="http://www.talosintel.com" target="_blank">http://www.talosintel.com</a></span></div>
<div><span style="line-height:normal;font-family:'Helvetica Neue'"><br>
</span></div>
<div>
<div>
<blockquote type="cite"><div><div class="h5">
<div>On Aug 14, 2015, at 10:25 AM, ha dinhphu <<a href="mailto:hadinhphu@...11827..." target="_blank">hadinhphu@...11827...</a>> wrote:</div>
<br>
</div></div><div><div><div class="h5">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Good morning,<br>
<br>
</div>
I followed the post on this webpage to install Snort on my linux box.<br>
<br>
<a href="http://sublimerobots.com/2014/12/installing-snort-part-1/" target="_blank">http://sublimerobots.com/2014/12/installing-snort-part-1/</a><br>
<br>
</div>
However, on step 5, installing PulledPork for snort.<br>
<br>
<a href="http://sublimerobots.com/2014/12/installing-snort-part-5/" target="_blank">http://sublimerobots.com/2014/12/installing-snort-part-5/</a><br>
<br>
</div>
I got the following error while I tried to run this command: "<code>sudo</code>
<code>/usr/local/bin/pulledpork</code><code>.pl -c
</code><code>/etc/snort/pulledpork</code><code>.conf -l"<br>
<br>
--------------------------<br>
Checking latest MD5 for snortrules-snapshot-2975.tar.gz....<br>
Rules tarball download of snortrules-snapshot-2975.tar.gz....<br>
    They Match<br>
    Done!<br>
Checking latest MD5 for community-rules.tar.gz....<br>
Rules tarball download of community-rules.tar.gz....<br>
    They Match<br>
    Done!<br>
IP Blacklist download of <a href="http://labs.snort.org/feeds/ip-filter.blf.." target="_blank">
http://labs.snort.org/feeds/ip-filter.blf..</a>..<br>
Reading IP List...<br>
Couldn't read /tmp/621.416477111296-black_list.rules - No such file or directory<br>
 at /usr/local/bin/<a href="http://pulledpork.pl/" target="_blank">pulledpork.pl</a> line 487.<br>
    main::read_iplist('HASH(0x1dd8148)', '/tmp/621.416477111296-black_list.rules') called at /usr/local/bin/<a href="http://pulledpork.pl/" target="_blank">pulledpork.pl</a> line 378<br>
    main::rulefetch('open', 'IPBLACKLIST0', '/tmp/', '<a href="http://labs.snort.org/feeds/ip-filter.blf" target="_blank">http://labs.snort.org/feeds/ip-filter.blf</a>') called at /usr/local/bin/<a href="http://pulledpork.pl/" target="_blank">pulledpork.pl</a> line 1856<br>
------------------------------<br>
</code></div>
<code>I searched the internet for solution but did not find any. Any help would be greatly appreciated!</code><code><br>
</code></div>
</div></div></div>
------------------------------------------------------------------------------<br>
_______________________________________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users" target="_blank">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!</div>
</blockquote>
</div>
<br>
</div>
</div>

</blockquote></div><br></div>