<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
As mentioned earlier in another thread, the ruleset for 2980 is not out yet (should be out probably Thursday); 2976’s rules work fine.
<div class=""><br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
--</div>
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
<b class="">Joel Esler</b></div>
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
Manager, Talos Group</div>
<div style="margin: 0px; line-height: normal; font-family: 'Helvetica Neue';" class="">
<br class="">
</div>
</div>
</div>
</div>
<br class="">
<div style="">
<blockquote type="cite" class="">
<div class="">On Dec 1, 2015, at 5:37 PM, Rafael Leiva-Ochoa &lt;<a href="mailto:spawn@...17369..." class="">spawn@...17369...</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">Hi All,
<div class=""><br class="">
</div>
<div class="">  I am getting the following error with pulledpork:</div>
<div class=""><br class="">
</div>
<div class="">
<p class=""><span class="">Last login: Tue Dec  1 14:14:43 2015 from 172.16.1.39</span></p>
<p class=""><span class="">[root@...17370... ~]# pulledpork.pl -vv -c /etc/snort/pulledpork.conf -l</span></p>
<div class=""><span class=""> </span><br class="webkit-block-placeholder">
</div>
<p class=""><span class="">    <a href="https://github.com/shirkdog/pulledpork" class="">
https://github.com/shirkdog/pulledpork</a></span></p>
<p class=""><span class="">      _____ ____</span></p>
<p class=""><span class="">     `----,\    )</span></p>
<p class=""><span class="">      `--==\\  /    PulledPork v0.7.2 - E.Coli in your water bottle!</span></p>
<p class=""><span class="">       `--==\\/</span></p>
<p class=""><span class="">     .-~~~~-.Y|\\_  Copyright (C) 2009-2015 JJ Cummings</span></p>
<p class=""><span class="">  @_/        /  66\_  <a href="mailto:cummingsj@...11827..." class="">
cummingsj@...11827...</a></span></p>
<p class=""><span class="">    |    \   \   _(")</span></p>
<p class=""><span class="">     \   /-| ||'--'  Rules give me wings!</span></p>
<p class=""><span class="">      \_\  \_\\</span></p>
<p class=""><span class=""> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span></p>
<p class=""><span class=""></span><br class="">
</p>
<p class=""><span class="">Config File Variable Debug /etc/snort/pulledpork.conf</span></p>
<p class=""><span class=""><span class=""></span>snort_path = /usr/local/bin/snort</span></p>
<p class=""><span class=""><span class=""></span>enablesid = /etc/snort/enablesid.conf</span></p>
<p class=""><span class=""><span class=""></span>black_list = /etc/snort/rules/black_list.rules</span></p>
<p class=""><span class=""><span class=""></span>modifysid = /etc/snort/modifysid.conf</span></p>
<p class=""><span class=""><span class=""></span>rule_path = /etc/snort/rules/snort.rules</span></p>
<p class=""><span class=""><span class=""></span>ignore = deleted.rules,experimental.rules,local.rules</span></p>
<p class=""><span class=""><span class=""></span>snort_control = /usr/local/bin/snort_control</span></p>
<p class=""><span class=""><span class=""></span>rule_url = ARRAY(0x16a3220)</span></p>
<p class=""><span class=""><span class=""></span>sid_msg_version = 1</span></p>
<p class=""><span class=""><span class=""></span>sid_changelog = /var/log/sid_changes.log</span></p>
<p class=""><span class=""><span class=""></span>sid_msg = /etc/snort/sid-msg.map</span></p>
<p class=""><span class=""><span class=""></span>backup_file = /tmp/pp_backup</span></p>
<p class=""><span class=""><span class=""></span>ips_policy = security</span></p>
<p class=""><span class=""><span class=""></span>config_path = /etc/snort/snort.conf</span></p>
<p class=""><span class=""><span class=""></span>temp_path = /tmp</span></p>
<p class=""><span class=""><span class=""></span>distro = Centos-5-4</span></p>
<p class=""><span class=""><span class=""></span>version = 0.7.2</span></p>
<p class=""><span class=""><span class=""></span>sorule_path = /usr/local/lib/snort_dynamicrules/</span></p>
<p class=""><span class=""><span class=""></span>disablesid = /etc/snort/disablesid.conf</span></p>
<p class=""><span class=""><span class=""></span>dropsid = /etc/snort/dropsid.conf</span></p>
<p class=""><span class=""><span class=""></span>local_rules = /etc/snort/rules/local.rules</span></p>
<p class=""><span class="">MISC (CLI and Autovar) Variable Debug:</span></p>
<p class=""><span class=""><span class=""></span>arch Def is: x86-64</span></p>
<p class=""><span class=""><span class=""></span>Operating System is: linux</span></p>
<p class=""><span class=""><span class=""></span>CA Certificate File is: OS Default</span></p>
<p class=""><span class=""><span class=""></span>Config Path is: /etc/snort/pulledpork.conf</span></p>
<p class=""><span class=""><span class=""></span>Distro Def is: Centos-5-4</span></p>
<p class=""><span class=""><span class=""></span>security policy specified</span></p>
<p class=""><span class=""><span class=""></span>local.rules path is: /etc/snort/rules/local.rules</span></p>
<p class=""><span class=""><span class=""></span>Rules file is: /etc/snort/rules/snort.rules</span></p>
<p class=""><span class=""><span class=""></span>Path to disablesid file: /etc/snort/disablesid.conf</span></p>
<p class=""><span class=""><span class=""></span>Path to dropsid file: /etc/snort/dropsid.conf</span></p>
<p class=""><span class=""><span class=""></span>Path to enablesid file: /etc/snort/enablesid.conf</span></p>
<p class=""><span class=""><span class=""></span>Path to modifysid file: /etc/snort/modifysid.conf</span></p>
<p class=""><span class=""><span class=""></span>sid changes will be logged to: /var/log/sid_changes.log</span></p>
<p class=""><span class=""><span class=""></span>sid-msg.map Output Path is: /etc/snort/sid-msg.map</span></p>
<p class=""><span class=""><span class=""></span>Snort Version is: 2.9.8.0</span></p>
<p class=""><span class=""><span class=""></span>Snort Config File: /etc/snort/snort.conf</span></p>
<p class=""><span class=""><span class=""></span>Snort Path is: /usr/local/bin/snort</span></p>
<p class=""><span class=""><span class=""></span>SO Output Path is: /usr/local/lib/snort_dynamicrules/</span></p>
<p class=""><span class=""><span class=""></span>Will process SO rules</span></p>
<p class=""><span class=""><span class=""></span>Logging Flag is Set</span></p>
<p class=""><span class=""><span class=""></span>Extra Verbose Flag is Set</span></p>
<p class=""><span class=""><span class=""></span>Verbose Flag is Set</span></p>
<p class=""><span class=""><span class=""></span>File(s) to ignore = deleted.rules,experimental.rules,local.rules</span></p>
<p class=""><span class=""><span class=""></span>Base URL is: <a href="https://www.snort.org/rules/|snortrules-snapshot.tar.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048" class="">
https://www.snort.org/rules/|snortrules-snapshot.tar.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048</a>
<a href="https://snort.org/downloads/community/|community-rules.tar.gz|Community" class="">
https://snort.org/downloads/community/|community-rules.tar.gz|Community</a> <a href="http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open" class="">
http://talosintel.com/feeds/ip-filter.blf|IPBLACKLIST|open</a> <a href="https://www.snort.org/rules/|opensource.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048" class="">
https://www.snort.org/rules/|opensource.gz|b26b2f91e7f8ac8a3bf091999b07f9a458e39048</a></span></p>
<p class=""><span class="">Checking latest MD5 for snortrules-snapshot-2980.tar.gz....</span></p>
<p class=""><span class=""><span class=""></span>Fetching md5sum for: snortrules-snapshot-2980.tar.gz.md5</span></p>
<p class=""><span class="">** GET <a href="https://www.snort.org/reg-rules/snortrules-snapshot-2980.tar.gz.md5/b26b2f91e7f8ac8a3bf091999b07f9a458e39048" class="">
https://www.snort.org/reg-rules/snortrules-snapshot-2980.tar.gz.md5/b26b2f91e7f8ac8a3bf091999b07f9a458e39048</a> ==> SSL_connect:before/connect initialization</span></p>
<p class=""><span class="">SSL_connect:SSLv2/v3 write client hello A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read server hello A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read server certificate A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read server key exchange A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read server done A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 write client key exchange A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 write change cipher spec A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 write finished A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 flush data</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read server session ticket A</span></p>
<p class=""><span class="">SSL_connect:SSLv3 read finished A</span></p>
<p class=""><span class="">422 Unprocessable Entity (1s)</span></p>
<p class=""><span class=""><span class=""></span>Error 422 when fetching <a href="https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz.md5" class="">
https://www.snort.org/rules/snortrules-snapshot-2980.tar.gz.md5</a> at /usr/local/bin/pulledpork.pl line 516</span></p>
<p class=""><span class=""><span class=""></span>main::md5file('b26b2f91e7f8ac8a3bf091999b07f9a458e39048', 'snortrules-snapshot-2980.tar.gz', '/tmp/', '<a href="https://www.snort.org/rules/" class="">https://www.snort.org/rules/</a>') called at /usr/local/bin/pulledpork.pl line 1937</span></p>
<p class=""><span class="">[root@...17370... ~]# </span></p>
<p class=""><br class="">
</p>
<p class="">I looked at the snort archive, and it was an issue before. Any idea how to fix it?</p>
<p class="">Thanks,</p>
<p class="">Rafael</p>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>