Snort mailing list archives
Re: Using PP
From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 13 Sep 2012 12:05:30 -0400
Pulledpork.pl has a list of packages it uses not too far down in the code with 'use' if front of the packages. I believe Perl will throw an error if any are missing. Kindest regards, Michael... WINSNORT.com Management -- ****************** Established ~ 2001 ******************* * Visit Us @ <http://www.winsnort.com> http://www.winsnort.com * * ~~ FREE WinIDS Snort installation guides ~~ * * ~~ FREE support forums ~~ * * Snort: Open Source Network IDS - <http://www.snort.org> http://www.snort.org * ********************************************************* From: John York [mailto:YorkJ () brcc edu] Sent: Thursday, September 13, 2012 11:04 AM To: 'Pratik Narang'; Heine Lysemose Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Using PP You are missing some perl modules. If you are using Ubuntu, the quickest way to get them is this: sudo apt-get install libssl-dev libcrypt-ssleay-perl libio-all-lwp-perl Otherwise you can test your Fu with CPAN. See the part in http://code.google.com/p/pulledpork/wiki/FAQ about LWP::Simple Thanks John From: Pratik Narang [mailto:pratik.cse.bits () gmail com] Sent: Thursday, September 13, 2012 5:15 AM To: Heine Lysemose Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Using PP With 'sudo', it says: sudo /usr/local/bin/pulledpork.pl -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security Can't locate Crypt/SSLeay.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /usr/local/bin/pulledpork.pl line 28. BEGIN failed--compilation aborted at /usr/local/bin/pulledpork.pl line 28. On Thu, Sep 13, 2012 at 1:46 PM, Heine Lysemose <lysemose () gmail com> wrote: Hi Try running the command with sudo. sudo /usr/local/bin/pulledpork.pl -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security /Lysemose On Thu, Sep 13, 2012 at 9:11 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
Well on the advice of few Snort experts on the list I decided to start
using
Pulled Pork. But I couldn't really make it run yet! Here's the dump from the console.
Any
help will be appreciated... $ /usr/local/bin/pulledpork.pl -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / PulledPork v0.6.1 the Smoking Pig <////~ `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2011 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Can't create /usr/local/snort/etc/pulledpork/so_rules.rules - Permission denied at /usr/local/bin/pulledpork.pl line 1548 readline() on closed filehandle FH at /usr/local/bin/pulledpork.pl line 1327. Checking latest MD5 for snortrules-snapshot-2931.tar.gz.... No such file or directory at /usr/local/bin/pulledpork.pl line 457 main::md5file('c475af39408e0e7ad0f4f6d961543b1e7b989c3b', 'snortrules-snapshot-2931.tar.gz', '/usr/local/snort/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1758
---------------------------------------------------------------------------- --
Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Using PP Pratik Narang (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP Peter Bates (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP John York (Sep 13)
- Re: Using PP Michael Steele (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)