Re: Community Rules and Pulled Pork

[Joel Esler <jesler () sourcefire com>]

I'll have the admins take a look.  It may clear up when the new community pack is rolled up tonight. 

Sent from my iPhone

> On Oct 21, 2013, at 18:28, Jeremy Hoel <jthoel () gmail com> wrote:
>
> I'm seeing the same thing. It looks like the md5 file is missing.
>
> https://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz.md5
> comes down but is blank, hence the loop. Comment it out for now.
>
> Maybe Joel might know whats up.
>
>
>
> On Mon, Oct 21, 2013 at 6:15 PM, Ron Haines
> <rhaines () grantspassoregon gov> wrote:
> > Has something changed in the Pulled Pork process or the snort rule set
> > links?  Up until, roughly 2 weeks ago, all rule sets were updating fine.
> > Then I noticed all of the rule sets in snort were blank, like they had been
> > wiped out completely. The files were there, but no rules/data within any of
> > the files. Additionally, in the temp folder that Pulled Pork downloads the
> > rule sets to did have all of the current download files in it, so it is
> > getting the downloads.
> >
> >
> >
> > I ran the rule set update command manually:
> >
> >
> >
> > perl "c:\winids\pulledpork\pulledpork.pl" -c
> > "c:\winids\pulledpork\etc\pulledpork.conf" –T
> >
> >
> >
> > It seems to repeat the community download constantly, like it’s stuck in a
> > loop. I commented out the community rules in the pulledpork.conf and I was
> > able to get everything to update, sans community rules.
> >
> >
> >
> > Here is some of my system notes:
> >
> >
> >
> > Snort version: 2.9.4.6
> >
> > Pulled Pork Version: 0.6.1
> >
> > I am a registered user with SNORT, and not a VRT subscriber…yet.
> >
> >
> >
> >
> >
> > Any info would be appreciated. I’m just looking to see if something has
> > changed in the rule updating process (based on my versions) that caused my
> > updater to fail, and for the community rule set download process to get
> > stuck in a loop.
> >
> >
> >
> > Thank you,
> >
> >
> >
> > Ron Haines
> >
> > Computer Support Technician
> >
> > Information Technology
> >
> > Email: rhaines () grantspassoregon gov
> >
> >
> >
> > -----------------------------------------------------------
> >
> > DISCLOSURE: Messages to and from this E-mail address may be subject to
> > Oregon Public Records Law.
> >
> > -----------------------------------------------------------
> >
> >
> > ------------------------------------------------------------------------------
> > October Webinars: Code for Performance
> > Free Intel webinars can help you accelerate application performance.
> > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> > from
> > the latest Intel processors and coprocessors. See abstracts and register >
> > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort
> > news!
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!