Re: utoh... 2.8.6.1 is out but what about the rules files??

[waldo kitty <wkitty42 () windstream net>]

On 7/24/2010 18:41, Matthew Watchinski wrote:
> What link isn't working the packages are listed on the download page.

we don't use links on web pages nor do we attempt to parse web pages... our 
environment uses automated scripts and feeds the "calculated" urls to 
oinkmaster... with the recent changes you guys made in your naming of the rules 
snapshots, we had to adjust our scripts for the new naming format... our scripts 
query snort for its version number and then cut the dots out and pad to 4 
characters with trailing zeros...

several of our people scooped up the new 2.8.6.1 sources, compiled them and put 
them in place... when they attempted to update, they got a response to the 
effect that snortrules-snapshot-2861.tar.gz was unavailable... i'm suspecting, 
but haven't gotten more data from those folk, that there was a 403 issued by 
your servers or the cloud for some reason and that the scripts default to a 
"rules are unavailable" message...

there was a time when your 403 responses told the current time and to try back 
in X minutes... our scripts used to parse that, make the necessary notifications 
to the user and then sleep for those X minutes before trying again... i don't 
recall when you guys took out the "try back in X" response but it was a 
GoodThing<tm> and now that it is gone and a plain 403 is returned, well... 
that's a BadThing<tm>... especially when you have folk who keep clicking the 
update button or keep firing up the scripts over and over thinking that it is 
somehow a problem on their end when it is actually your servers simply denying 
them access at that time...

i don't have much more than that to offer right now :?

> Sent from my iPhone
>
> On Jul 24, 2010, at 6:03 PM, waldo kitty<wkitty42 () windstream net>
> wrote:
>
> > we've already got several setups using 2.8.6.1 but the rules updates
> > are not
> > working... why? because the setup, according to VRT/snort.org,
> > should be looking
> > for rules files of the same version numbering as snort (2861) but
> > unless these
> > have majikally appeared since the 2.8.6.1 announcement, then there's
> > a problem :?
> >
> > ---
> > ---
> > ---
> > ---------------------------------------------------------------------
> > This SF.net email is sponsored by Sprint
> > What will you do first with EVO, the first 4G phone?
> > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users