Snort mailing list archives
Re: HTTP 422 when trying to download rulesets with pulledpork
From: Anshuman Anil Deshmukh <anshuman () cybage com>
Date: Sun, 13 Jul 2014 05:29:07 +0000
Hi Joel,

I am still getting the error. Below is the detailed log of pulledpork just for you to check what should have gone wrong. Please note that I have removed my oinkcode from the log. As said in my previous mail I was able to update the rules previously with no issues. I am getting this error since the time the website snort.org was migrated to the newer version.

Command - perl pulledpork.pl -c /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf -m /etc/snort/sid-msg.map -I security -P -vv

    http://code.google.com/p/pulledpork/
      _____ ____
     `----,\    )
      `--==\\  /    PulledPork v0.7.0 - Swine Flu!
       `--==\\/
     .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
  @_/        /  66\_  cummingsj () gmail com
    |    \   \   _(")
     \   /-| ||'--'  Rules give me wings!
      \_\  \_\\
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use of uninitialized value $Value in pattern match (m//) at pulledpork.pl line 108, <CONFIG> line 175.

Config File Variable Debug /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf
snort_path = /usr/sbin/snort
black_list = /etc/snort/rules/default.blacklist
pid_path = /var/run/snort_eth2.pid,/var/run/barnyard2.pid
IPRVersion = /etc/snort/rules/default.blacklist
rule_path = /etc/snort/rules/snort.rules
ignore = deleted.rules,experimental.rules,local.rules
rule_url = ARRAY(0x1aecbb0)
snort_version = 2.9.5.0
sid_msg_version = 1
sid_changelog = /var/log/sid_changes.log
sid_msg = /etc/snort/sid-msg.map
backup_file = /tmp/pp070_backup
config_path = /etc/snort/snort.conf
temp_path = /etc/snort/tmp/
distro = Centos-5-4
version = 0.7.0
sorule_path = /usr/local/lib/snort_dynamicrules/
disablesid = /etc/pulledpork070/pulledpork-0.7.0/etc/disablesid.conf

MISC (CLI and Autovar) Variable Debug:
Process flag specified!
arch Def is: x86-64
Config Path is: /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf
Distro Def is: Centos-5-4
security policy specified
Rules file is: /etc/snort/rules/snort.rules
Path to disablesid file: /etc/pulledpork070/pulledpork-0.7.0/etc/disablesid.conf
sid changes will be logged to: /var/log/sid_changes.log
sid-msg.map Output Path is: /etc/snort/sid-msg.map
Snort Version is: 2.9.5.0
Snort Config File: /etc/snort/snort.conf
Snort Path is: /usr/sbin/snort
SO Output Path is: /usr/local/lib/snort_dynamicrules/
Will process SO rules
Extra Verbose Flag is Set
Verbose Flag is Set
Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcode https://www.snort.org/reg-rules/|opensource.gz|oinkcode https://rules.emergingthreats.net/|emerging.rules.tar.gz|open https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
Checking latest MD5 for snortrules-snapshot-2950.tar.gz....
Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/oinkcode ==> 422 Unprocessable Entity (1s)
Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at pulledpork.pl line 463
main::md5file('oinkcode', 'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/', 'https://www.snort.org/reg-rules/') called at pulledpork.pl line 1847

Regards,
Anshuman

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Sunday, July 13, 2014 5:31 AM
To: Joel Esler (jesler)
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

BTW - This has been fixed. Don't remember if I addressed this with the list yesterday, but if anyone is seeing any more issues with downloads and purchases or if you just want to provide some feedback on the new Snort.org, please let us know!
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Jul 11, 2014, at 11:52 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

We've identified the issue with opensource.gz. This should be fixed shortly.

On Jul 11, 2014, at 10:37 AM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:

I was getting the same thing on opensource.gz. I had to comment that out for it to work.

From: Anshuman Anil Deshmukh <anshuman () cybage com>
Date: Friday, July 11, 2014 at 10:02 AM
To: "'Joel Esler (jesler)'" <jesler () cisco com>
Cc: snort-users mailinglist <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

Hi Joel,

Here is where I am downloading from-

rule_url=https://www.snort.org/reg-rules/|opensource.gz|e5454e32094dd017be5907b5cacb387eb55d2152
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

Just to let you know I was able to download the rules till day before yesterday.

Regards,
Anshuman

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Friday, July 11, 2014 5:42 PM
To: Anshuman Anil Deshmukh
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

What file are you trying to download?

--
Joel Esler
Sent from my iPhone

On Jul 11, 2014, at 3:21, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:

Hi,

We are still having issues downloading the rules.
Is this going to take some more time to fix?

Regards,
Anshuman

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Friday, July 11, 2014 12:10 AM
To: Starner, Mark
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

It's an error on our side, you shouldn't have to change a thing.

On Jul 10, 2014, at 2:15 PM, Starner, Mark <mark.starner () unisys com> wrote:

So, once it is working on the snort.org website, the new rule_url line should be as you specified below, with no |, ignoring the rules specified?

# note that the url, rule file, and oinkcode itself are separated by a pipe |
# i.e. url|tarball|123456789

Very confused!

Thanks
Mark

From: Shirkdog [mailto:shirkdog () gmail com]
Sent: Thursday, July 10, 2014 8:46 AM
To: Anshuman Anil Deshmukh
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

I will work on updating the default for pulled pork, but use the following URL, per the new website:

https://www.snort.org/rules/snortrules-snapshot-29xx-tar.gz?<oinkcode>

On Jul 10, 2014 8:40 AM, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:

Hi,

Even I am getting such error. In my case the only difference is that I am on the older version. Is it something to do with the recent changes that happened on the website?

Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<my oinkcode> https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode> https://rules.emergingthreats.net/|emerging.rules.tar.gz|open https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
Checking latest MD5 for snortrules-snapshot-2950.tar.gz....
Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5
** GET https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/<my oinkcode> ==> 422 Unprocessable Entity (2s)
Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at pulledpork.pl line 463
main::md5file('<my oinkcode>', 'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/', 'https://www.snort.org/reg-rules/') called at pulledpork.pl line 1847

Regards,
Anshuman

-----Original Message-----
From: Laszlo Toth [mailto:laszlo.toth () linguamatics com]
Sent: Thursday, July 10, 2014 5:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

Hi,

I'm trying to download the registered rules with pulledpork but I'm getting the following error message:

Rules tarball download of snortrules-snapshot-2961.tar.gz....
Error 422 when fetching snortrules-snapshot-2961.tar.gz at ./pulledpork.pl line 408
main::rulefetch('oinkcode', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at ./pulledpork.pl line 1856

Pulledpork rule config:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcode

I get the same HTTP response code when I try to manually download the rules from https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz/oinkcode

Am I missing something?

Thanks,
Laszlo

--
Laszlo Toth
Systems administrator
Linguamatics
324 Cambridge Science Park
Milton Road
Cambridge
CB4 0WG
UK
Telephone number: +44 (0)1223 651910
www.linguamatics.com

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment."
www.cybage.com
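
Added example, not part of the thread and not pulledpork's own code: a Python sketch that parses rule_url lines in the url|tarball|oinkcode form quoted above, rebuilds the .md5 request shown in the 0.7.0 log, and strips oinkcodes from text before it is posted to a list. The sample config and its oinkcode are constructed, and treating "open" and "Community" as non-secret labels is an assumption taken from the rule_url lines in the thread.

```python
# Added example, not pulledpork's own code.
# Assumption: third-field values that are feed labels, not secrets (from the thread).
PUBLIC_LABELS = {"open", "community"}

# Constructed sample config; the oinkcode is a made-up placeholder value.
SAMPLE_CONF = """\
# url|tarball|oinkcode
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|0123456789abcdef0123456789abcdef01234567
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
snort_version=2.9.5.0
"""


def parse_rule_urls(conf_text):
    """Return (base_url, filename, third_field) for each rule_url line."""
    entries = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("rule_url="):
            continue  # comments and other settings
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3:
            # Report the line number only, so the error never echoes a secret.
            raise ValueError(f"line {lineno}: expected url|file|oinkcode")
        entries.append(tuple(f.strip() for f in fields))
    return entries


def versioned_name(filename, snort_version):
    """Map snortrules-snapshot.tar.gz + 2.9.5.0 to snortrules-snapshot-2950.tar.gz,
    the naming visible in the thread's log output."""
    if filename != "snortrules-snapshot.tar.gz":
        return filename
    return "snortrules-snapshot-%s.tar.gz" % snort_version.replace(".", "")


def md5_request_url(base_url, filename, oinkcode):
    """Rebuild the GET shown in the 0.7.0 log: <base><file>.md5/<oinkcode>."""
    return f"{base_url}{filename}.md5/{oinkcode}"


def oinkcodes(conf_text):
    """Collect third fields that are real secrets (non-empty, not a feed label)."""
    return {third for _, _, third in parse_rule_urls(conf_text)
            if third and third.lower() not in PUBLIC_LABELS}


def redact(text, secrets, placeholder="<oinkcode>"):
    """Replace every occurrence of each known oinkcode in config or log text."""
    for secret in sorted(secrets, key=len, reverse=True):
        text = text.replace(secret, placeholder)
    return text


if __name__ == "__main__":
    secrets = oinkcodes(SAMPLE_CONF)
    base, name, code = parse_rule_urls(SAMPLE_CONF)[0]
    url = md5_request_url(base, versioned_name(name, "2.9.5.0"), code)
    print(redact(f"** GET {url} ==> 422 Unprocessable Entity", secrets))
    print(redact(SAMPLE_CONF, secrets))
```

Collecting the secrets from the config itself, rather than matching a pattern, means the same call cleans the config, the -vv log and any pasted URL in one pass.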