Snort mailing list archives

[SOLVED] RE: HTTP 422 when trying to download rulesets with pulledpork


From: Anshuman Anil Deshmukh <anshuman () cybage com>
Date: Tue, 15 Jul 2014 11:34:29 +0000

Thanks Joel for pointing out the issue. I have upgraded to the latest version of Snort and now there are no issues updating the rules.



Regards,

Anshuman



From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Sunday, July 13, 2014 6:20 PM
To: Anshuman Anil Deshmukh
Cc: snort-users mailinglist
Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork



Downloading 2956 rules should work for you until you can upgrade.

--

Joel Esler

Sent from my iPhone


On Jul 13, 2014, at 6:32, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:

   Yes Joel I am still on 2950

   Regards,
   Anshuman

   Sent from Handheld

   On 13-Jul-2014 12:19 pm, "Joel Esler (jesler)" <jesler () cisco com> wrote:

   Ah, you are trying to download 2950.  That version is EOL.

   --

   Joel Esler

   Sent from my iPhone


   On Jul 13, 2014, at 1:29, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:

      Hi Joel,



      I am still getting the error. Below is the detailed log of pulledpork just for you to check what should have gone wrong. Please note that I have removed my oinkcode from the log. As said in my previous mail I was able to update the rules previously with no issues. I am getting this error since the time the website snort.org was migrated to the newer version.



      Command -

      perl pulledpork.pl -c /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf -m /etc/snort/sid-msg.map -I security -P -vv



          http://code.google.com/p/pulledpork/

            _____ ____

           `----,\    )

            `--==\\  /    PulledPork v0.7.0 - Swine Flu!

             `--==\\/

           .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings

        @_/        /  66\_  cummingsj () gmail com

          |    \   \   _(")

           \   /-| ||'--'  Rules give me wings!

            \_\  \_\\

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



      Use of uninitialized value $Value in pattern match (m//) at pulledpork.pl line 108, <CONFIG> line 175.

      Config File Variable Debug /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf

                      snort_path = /usr/sbin/snort

                      black_list = /etc/snort/rules/default.blacklist

                      pid_path = /var/run/snort_eth2.pid,/var/run/barnyard2.pid

                      IPRVersion = /etc/snort/rules/default.blacklist

                      rule_path = /etc/snort/rules/snort.rules

                      ignore = deleted.rules,experimental.rules,local.rules

                      rule_url = ARRAY(0x1aecbb0)

                      snort_version = 2.9.5.0

                      sid_msg_version = 1

                      sid_changelog = /var/log/sid_changes.log

                      sid_msg = /etc/snort/sid-msg.map

                      backup_file = /tmp/pp070_backup

                      config_path = /etc/snort/snort.conf

                      temp_path = /etc/snort/tmp/

                      distro = Centos-5-4

                      version = 0.7.0

                      sorule_path = /usr/local/lib/snort_dynamicrules/

                      disablesid = /etc/pulledpork070/pulledpork-0.7.0/etc/disablesid.conf

      MISC (CLI and Autovar) Variable Debug:

                      Process flag specified!

                      arch Def is: x86-64

                      Config Path is: /etc/pulledpork070/pulledpork-0.7.0/etc/pulledpork.conf

                      Distro Def is: Centos-5-4

                      security policy specified

                      Rules file is: /etc/snort/rules/snort.rules

                      Path to disablesid file: /etc/pulledpork070/pulledpork-0.7.0/etc/disablesid.conf

                      sid changes will be logged to: /var/log/sid_changes.log

                      sid-msg.map Output Path is: /etc/snort/sid-msg.map

                      Snort Version is: 2.9.5.0

                      Snort Config File: /etc/snort/snort.conf

                      Snort Path is: /usr/sbin/snort

                      SO Output Path is: /usr/local/lib/snort_dynamicrules/

                      Will process SO rules

                      Extra Verbose Flag is Set

                      Verbose Flag is Set

                      Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcode 
https://www.snort.org/reg-rules/|opensource.gz|oinkcode https://rules.emergingthreats.net/|emerging.rules.tar.gz|open 
https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community 
http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

      Checking latest MD5 for snortrules-snapshot-2950.tar.gz....

                      Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5

      ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/oinkcode ==> 422 Unprocessable Entity (1s)

                      Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at pulledpork.pl line 463

                      main::md5file('oinkcode', 'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/', 'https://www.snort.org/reg-rules/') called at pulledpork.pl line 1847





      Regards,

      Anshuman



      From: Joel Esler (jesler) [mailto:jesler () cisco com]
      Sent: Sunday, July 13, 2014 5:31 AM
      To: Joel Esler (jesler)
      Cc: snort-users mailinglist
      Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork



      BTW - This has been fixed.  Don't remember if I addressed this with the list yesterday, but if anyone is seeing any more issues with downloads and purchases or if you just want to provide some feedback on the new Snort.org, please let us know!



      --
      Joel Esler
      Open Source Manager
      Threat Intelligence Team Lead
      Vulnerability Research Team



      On Jul 11, 2014, at 11:52 AM, Joel Esler (jesler) <jesler () cisco com> wrote:



      We've identified the issue with opensource.gz.  This should be fixed shortly.


      On Jul 11, 2014, at 10:37 AM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:



      I was getting the same thing on opensource.gz. I had to comment that out for it to work.

      From: Anshuman Anil Deshmukh <anshuman () cybage com>
      Date: Friday, July 11, 2014 at 10:02 AM
      To: "'Joel Esler (jesler)'" <jesler () cisco com>
      Cc: snort-users mailinglist <snort-users () lists sourceforge net>
      Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

      Hi Joel,

      Here is where I am downloading from-

      rule_url=https://www.snort.org/reg-rules/|opensource.gz|e5454e32094dd017be5907b5cacb387eb55d2152
      rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
      rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
      rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

      Just to let you know I was able to download the rules till day before yesterday.


      Regards,
      Anshuman

      From: Joel Esler (jesler) [mailto:jesler () cisco com]
      Sent: Friday, July 11, 2014 5:42 PM
      To: Anshuman Anil Deshmukh
      Cc: snort-users mailinglist
      Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

      What file are you trying to download?

      --
      Joel Esler
      Sent from my iPhone

      On Jul 11, 2014, at 3:21, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:
      Hi,

      We are still having issues downloading the rules. Is this going to take some more time to fix?


      Regards,
      Anshuman

      From: Joel Esler (jesler) [mailto:jesler () cisco com]
      Sent: Friday, July 11, 2014 12:10 AM
      To: Starner, Mark
      Cc: snort-users mailinglist
      Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork

      It's an error on our side, you shouldn't have to change a thing.


      On Jul 10, 2014, at 2:15 PM, Starner, Mark <mark.starner () unisys com> wrote:



      So, once it is working on the snort.org website, the new rule_url line should be as you specified below, with no |, ignoring the rules specified?
      # note that the url, rule file, and oinkcode itself are separated by a pipe |
      # i.e. url|tarball|123456789

      Very confused!

      Thanks
      Mark


      From: Shirkdog [mailto:shirkdog () gmail com]
      Sent: Thursday, July 10, 2014 8:46 AM
      To: Anshuman Anil Deshmukh
      Cc: snort-users mailinglist
      Subject: Re: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork


      I will work on updating the default for pulled pork, but use the following URL, per the new website:

      
      https://www.snort.org/rules/snortrules-snapshot-29xx-tar.gz?<oinkcode>
      On Jul 10, 2014 8:40 AM, "Anshuman Anil Deshmukh" <anshuman () cybage com> wrote:

      Hi,



      Even I am getting such error. In my case the only difference is that I am on the older version. Is it something to do with the recent changes that happened on the website?



      Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<my oinkcode> https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode> https://rules.emergingthreats.net/|emerging.rules.tar.gz|open https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open

      Checking latest MD5 for snortrules-snapshot-2950.tar.gz....

                    Fetching md5sum for: snortrules-snapshot-2950.tar.gz.md5

      ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5/<my oinkcode> ==> 422 Unprocessable Entity (2s)

                    Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2950.tar.gz.md5 at pulledpork.pl line 463

                    main::md5file('<my oinkcode>', 'snortrules-snapshot-2950.tar.gz', '/etc/snort/tmp/', 'https://www.snort.org/reg-rules/') called at pulledpork.pl line 1847





      Regards,

      Anshuman





      -----Original Message-----
      From: Laszlo Toth [mailto:laszlo.toth () linguamatics com]
      Sent: Thursday, July 10, 2014 5:00 PM
      To: snort-users () lists sourceforge net
      Subject: [Snort-users] HTTP 422 when trying to download rulesets with pulledpork



      Hi,



      I'm trying to download the registered rules with pulledpork but I'm getting the following error message:



      Rules tarball download of snortrules-snapshot-2961.tar.gz....

             Error 422 when fetching snortrules-snapshot-2961.tar.gz at ./pulledpork.pl line 408

             main::rulefetch('oinkcode', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at ./pulledpork.pl line 1856



      Pulledpork rule config:

      
      rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|oinkcode





      I get the same HTTP response code when I try to manually download the rules from https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz/oinkcode



      Am I missing something?

      Thanks,

      Laszlo



      --

      Laszlo Toth

      Systems administrator

      Linguamatics

      324 Cambridge Science Park

      Milton Road

      Cambridge

      CB4 0WG

      UK

      Telephone number:

      +44 (0)1223 651910

      www.linguamatics.com





      ------------------------------------------------------------------------------
      Open source business process management suite built on Java and Eclipse
      Turn processes into business applications with Bonita BPM Community Edition
      Quickly connect people, data, and systems into organized workflows
      Winner of BOSSIE, CODIE, OW2 and Gartner awards
      http://p.sf.net/sfu/Bonitasoft
      _______________________________________________
      Snort-users mailing list
      Snort-users () lists sourceforge net
      Go to this URL to change user options or unsubscribe:
      https://lists.sourceforge.net/lists/listinfo/snort-users
      Snort-users list archive:
      http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

      Please visit http://blog.snort.org to stay current on all the latest Snort news!




      "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private 
Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to 
be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents 
of this message is strictly prohibited. If you have received this electronic message in error please notify the sender 
by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to 
minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any 
malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or 
attachment." www.cybage.com

Please visit http://blog.snort.org to stay current on all the latest Snort news!
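
Added example, not part of the original thread and not PulledPork's own code: it rebuilds the .md5 request seen in the debug log from snort_version and a rule_url line (which is why 2.9.5.0 asks for the EOL snortrules-snapshot-2950.tar.gz), and strips the oinkcode from output before it is posted to a list. The function names are hypothetical, the URL layout is reconstructed from the log lines in this thread, and the sample oinkcode is constructed.

```python
import re

# Third-field values that appear in this thread as keywords or placeholders,
# not as credentials, so they are never redacted.
NON_SECRET = {"open", "Community", "oinkcode"}

# Constructed sample config; the 40-character oinkcode is made up.
CONF = """\
# url|tarball|oinkcode
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|0123456789abcdef0123456789abcdef01234567
rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
"""


def snapshot_name(snort_version, tarball="snortrules-snapshot.tar.gz"):
    """Map snort_version 2.9.5.0 to snortrules-snapshot-2950.tar.gz."""
    if not re.fullmatch(r"\d+(\.\d+){3}", snort_version):
        raise ValueError(f"unexpected snort_version: {snort_version!r}")
    digits = snort_version.replace(".", "")
    return tarball.replace(".tar.gz", f"-{digits}.tar.gz")


def parse_rule_urls(conf_text):
    """Return (base_url, tarball, code) for every rule_url= line."""
    entries = []
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith("rule_url="):
            continue  # comments and other settings
        fields = line[len("rule_url="):].split("|")
        if len(fields) != 3 or not all(fields):
            # Report the line number only, so the oinkcode never reaches a log.
            raise ValueError(f"line {number}: expected url|tarball|oinkcode")
        entries.append(tuple(fields))
    return entries


def md5_url(entry, snort_version):
    """Rebuild the .md5 request shown in the log for the snapshot tarball."""
    base, tarball, code = entry
    return f"{base}{snapshot_name(snort_version, tarball)}.md5/{code}"


def redact(text, entries):
    """Replace every configured oinkcode in text with a placeholder."""
    secrets = {code for _, _, code in entries if code not in NON_SECRET}
    for secret in sorted(secrets, key=len, reverse=True):
        text = text.replace(secret, "<oinkcode>")
    return text


if __name__ == "__main__":
    entries = parse_rule_urls(CONF)
    url = md5_url(entries[0], "2.9.5.0")
    print(redact(f"** GET {url} ==> 422 Unprocessable Entity", entries))
```
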
