Snort mailing list archives
Re: Error 500 today?
From: Dave Corsello <snort-users () wintertreemedia com>
Date: Thu, 08 Jan 2015 11:46:39 -0500
I also received a 500 error today on one of two Snort 2.9.7.0 sensors. The first failed, and a half-hour later the other succeeded. No changes on my end, identical OS, Snort version, etc. on both.
Also got the following output from pulledpork on one of two sensors on 1/6: Couldn't read /tmp/978.844374259101-black_list.rules - No such file or directory at /usr/local/bin/pulledpork.pl line 487Also got a 520 error on one of two sensors on 12/29. These errors are outliers, and it's not the same sensor that fails each time.
On 1/7/2015 12:15 PM, Jefferson, Shawn wrote:
I seem to be having a similar problem downloading rules via pulledpork.The strange thing is that it works fine on my Ubuntu 10.04 installs, but does not work on Ubuntu 12.04. I get a 500 error trying to download snort rules. Emerging Threats rules work fine. We did switch to a different proxy server around that time, and I’ve been troubleshooting from that angle, since it seemed like most people aren’t having a problem any longer? However, even going back to my old proxy, which is still in place, the rule downloads still do not work.Any suggestions on how to fix or further troubleshoot this? *From:*Joel Esler (jesler) [mailto:jesler () cisco com] *Sent:* December 15, 2014 10:23 AM *To:* Andre DiMino *Cc:* snort-users mailinglist *Subject:* Re: [Snort-users] Error 500 today? Fantastic. Apparently we were having problems will older versions of Wget and curl.. -- *Joel Esler* Open Source Manager Threat Intelligence Team Lead Talos On Dec 15, 2014, at 1:11 PM, Andre DiMino <adimino () sempersecurus org <mailto:adimino () sempersecurus org>> wrote: Works great now Joel. Thanks very much ! On Mon, Dec 15, 2014 at 12:53 PM, Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com>> wrote: We made some changes within in the past hour. Still seeing the issue? On Dec 15, 2014, at 10:29 AM, Andre DiMino <adimino () sempersecurus org <mailto:adimino () sempersecurus org>> wrote: Does anyone know if this was addressed and fixed? As of this morning, I still am seeing Error 500 when using pulledpork. My last successful update was 12/7/14 Thanks! Andre' On Fri, Dec 5, 2014 at 1:55 PM, Jeremy Hoel <jthoel () gmail com <mailto:jthoel () gmail com>> wrote: Joel posted to the list earlier that they where moving g snort.org <http://snort.org> around and there might be some issues. On Dec 5, 2014 11:44 AM, "Andre DiMino" <adimino () sempersecurus org <mailto:adimino () sempersecurus org>> wrote: Everything worked fine up until this morning. Now I see: "Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 463. main::md5file('my_oinkcode', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/' <https://www.snort.org/reg-rules/%27>) called at /home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 1847" Any thoughts? -- Andre' M. DiMino DeepEnd Research http://deependresearch.org http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV) ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -- Andre' M. DiMino DeepEnd Research http://deependresearch.org http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV) ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!--Andre' M. DiMino DeepEnd Research http://deependresearch.org http://sempersecurus.org "Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV) ------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Error 500 today? Jefferson, Shawn (Jan 07)
- Re: Error 500 today? Joel Esler (jesler) (Jan 07)
- Re: Error 500 today? Jefferson, Shawn (Jan 08)
- Re: Error 500 today? Joel Esler (jesler) (Jan 08)
- Re: Error 500 today? Jefferson, Shawn (Jan 08)
- Re: Error 500 today? Dave Corsello (Jan 08)
- Re: Error 500 today? Joel Esler (jesler) (Jan 07)