Re: Intermittent Pulled Pork Error

["Weir, Jason" <jason.weir () nhrs org>]

Snort 2.9.0.4 and PP were installed at the same time on a fresh box and
2.9.0.4 is specified in pulledpork.conf

-J

> -----Original Message-----
> From: JJC [mailto:cummingsj () gmail com] 
> Sent: Wednesday, February 16, 2011 3:02 PM
> To: Weir, Jason
> Cc: Nigel Houghton; Snort Users
> Subject: Re: [Snort-users] Intermittent Pulled Pork Error
>
>
> When did you upgrade your snort version?  PP will read the version
> that you are running and attempt to fetch the ruleset for that
> specific version, unless you specify the version string in the pp
> config file.
>
> JJC
>
> On Wed, Feb 16, 2011 at 11:47 AM, Weir, Jason 
> <jason.weir () nhrs org> wrote:
> > FYI - PP did not error out at 6, 8, and 10PM last night or 
> 8AM and Noon
> > today...
> >
> > -J
> >
> > > -----Original Message-----
> > > From: Nigel Houghton [mailto:nhoughton () sourcefire com]
> > > Sent: Wednesday, February 16, 2011 1:38 PM
> > > To: Weir, Jason
> > > Cc: Snort Users
> > > Subject: Re: [Snort-users] Intermittent Pulled Pork Error
> > >
> > >
> > > On Wed, 16 Feb 2011 13:32:45 -0500, Nigel Houghton wrote:
> > > > On Wed, 16 Feb 2011 13:05:09 -0500, Weir, Jason wrote:
> > > > > Doesn't happen all of the time...
> > > > >
> > > > > Error 500 when fetching
> https://www.snort.org/reg-rules/snortrules-snapshot-2904.tar.gz.md5 at
> > > > > /usr/local/bin/pulledpork.pl line 390
> > > > >
> > > > > -J
> > > >
> > > > That's not a PulledPork error, that's a website error. The
> > > file isn't
> > > > there, which strictly speaking shouldn't be a 500 server 
> error, but
> > > > since the application that handles looking for the file
> > > can't find it,
> > > > the server will return the application error instead of a
> > > 404 not found.
> > > > With that said, I'll forward this to our Snort web team for
> > > > investigation.
> > >
> > > Actually, no I won't. After looking at snort.org I see that
> > > the 2.9.0.4
> > > rule set is not yet available for registered users. So, 
> you'll get a
> > > 404 (or 500) for the rules file too.
> > >
> > > You can fix this for future use by using
> > > snortrules-snapshot-edge.tar.gz as the name of your rules 
> file. That
> > > way, you will get the latest version of rules for either
> > > registered or
> > > subscriber rules automatically. Right now, for registered 
> users this
> > > will be a 2.9.0.3 rule set. Which should work with 2.9.0.4.
> > >
> > > Now, per the rules of the drinking game, I will be taking a
> > > shot or two
> > > for replying to my own email.
> > >
> > > --
> > > Nigel Houghton
> > > Head Mentalist
> > > SF VRT Department of Intelligence Excellence
> > > http://vrt-blog.snort.org/ && http://labs.snort.org/
> ______________________________________________________________
> _______________________________
> > Please visit www.nhrs.org to subscribe to NHRS email 
> announcements and updates.
> >
> --------------------------------------------------------------
> ----------------
> > The ultimate all-in-one performance toolkit: Intel(R) 
> Parallel Studio XE:
> > Pinpoint memory and threading errors before they happen.
> > Find and fix more than 250 security defects in the 
> development cycle.
> > Locate bottlenecks in serial and parallel code that limit 
> performance.
> > http://p.sf.net/sfu/intel-dev2devfeb
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ______________________________________________________________
> _______________________________
>
> Please visit www.nhrs.org to subscribe to NHRS email 
> announcements and updates.


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users