Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Error 500 today?

From: Dave Corsello <snort-users () wintertreemedia com>
Date: Thu, 08 Jan 2015 11:46:39 -0500
I also received a 500 error today on one of two Snort 2.9.7.0 sensors. The first failed, and a half-hour later the other succeeded. No changes on my end, identical OS, Snort version, etc. on both. 

Also got the following output from pulledpork on one of two sensors on 1/6:

Couldn't read /tmp/978.844374259101-black_list.rules - No such file or directory
 at /usr/local/bin/pulledpork.pl line 487
Also got a 520 error on one of two sensors on 12/29. These errors are outliers, and it's not the same sensor that fails each time. 

On 1/7/2015 12:15 PM, Jefferson, Shawn wrote:


I seem to be having a similar problem downloading rules via pulledpork.
The strange thing is that it works fine on my Ubuntu 10.04 installs, but does not work on Ubuntu 12.04. I get a 500 error trying to download snort rules. Emerging Threats rules work fine. We did switch to a different proxy server around that time, and I’ve been troubleshooting from that angle, since it seemed like most people aren’t having a problem any longer? However, even going back to my old proxy, which is still in place, the rule downloads still do not work. 

Any suggestions on how to fix or further troubleshoot this?

*From:*Joel Esler (jesler) [mailto:jesler () cisco com]
*Sent:* December 15, 2014 10:23 AM
*To:* Andre DiMino
*Cc:* snort-users mailinglist
*Subject:* Re: [Snort-users] Error 500 today?

Fantastic.

Apparently we were having problems will older versions of Wget and curl..

--
*Joel Esler*
Open Source Manager
Threat Intelligence Team Lead
Talos

    On Dec 15, 2014, at 1:11 PM, Andre DiMino
    <adimino () sempersecurus org <mailto:adimino () sempersecurus org>> wrote:

    Works great now Joel.

    Thanks very much !

    On Mon, Dec 15, 2014 at 12:53 PM, Joel Esler (jesler)
    <jesler () cisco com <mailto:jesler () cisco com>> wrote:

    We made some changes within in the past hour.  Still seeing the issue?

    On Dec 15, 2014, at 10:29 AM, Andre DiMino
    <adimino () sempersecurus org <mailto:adimino () sempersecurus org>>
    wrote:

    Does anyone know if this was addressed and fixed?
    As of this morning, I still am seeing Error 500 when using pulledpork.
    My last successful update was 12/7/14

    Thanks!
    Andre'

    On Fri, Dec 5, 2014 at 1:55 PM, Jeremy Hoel <jthoel () gmail com
    <mailto:jthoel () gmail com>> wrote:

    Joel posted to the list earlier that they where moving g snort.org
    <http://snort.org> around
    and there might be some issues.

    On Dec 5, 2014 11:44 AM, "Andre DiMino" <adimino () sempersecurus org
    <mailto:adimino () sempersecurus org>> wrote:


    Everything worked fine up until this morning.  Now I see:

    "Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
    Error 500 when fetching
    https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
    /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 463.

    main::md5file('my_oinkcode', 'snortrules-snapshot-2962.tar.gz',
    '/tmp/',
    'https://www.snort.org/reg-rules/&apos;
    <https://www.snort.org/reg-rules/%27>) called at
    /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 1847"

    Any thoughts?
    --

    Andre' M. DiMino
    DeepEnd Research
    http://deependresearch.org
    http://sempersecurus.org

    "Make sure that nobody pays back wrong for wrong, but always try to be
    kind to each other and to everyone else" - 1 Thess 5:15 (NIV)


    ------------------------------------------------------------------------------
    Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
    from Actuate! Instantly Supercharge Your Business Reports and
    Dashboards
    with Interactivity, Sharing, Native Excel Exports, App Integration
    & more
    Get technology previously reserved for billion-dollar
    corporations, FREE

    http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

    Please visit http://blog.snort.org to stay current on all the
    latest Snort
    news!




    --

    Andre' M. DiMino
    DeepEnd Research
    http://deependresearch.org
    http://sempersecurus.org

    "Make sure that nobody pays back wrong for wrong, but always try to be
    kind to each other and to everyone else" - 1 Thess 5:15 (NIV)

    ------------------------------------------------------------------------------
    Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
    from Actuate! Instantly Supercharge Your Business Reports and
    Dashboards
    with Interactivity, Sharing, Native Excel Exports, App Integration
    & more
    Get technology previously reserved for billion-dollar
    corporations, FREE
    http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

    Please visit http://blog.snort.org to stay current on all the
    latest Snort
    news!
-- 
    Andre' M. DiMino
    DeepEnd Research
    http://deependresearch.org
    http://sempersecurus.org

    "Make sure that nobody pays back wrong for wrong, but always try to be
    kind to each other and to everyone else" - 1 Thess 5:15 (NIV)



------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: