Snort mailing list archives
Re: Problem with community rule set
From: Terry John <Terry.John () completeautomotivesolutions co uk>
Date: Tue, 3 Nov 2015 14:23:17 +0000
I'm aware 2970 is EOL. I didn't understand why the same rule_url was asking for different versions but that's academic now. Because removing the 'www' did work. On both of them! So it's all good now. The working rule is: rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community Your reference to the blog entry was correct. I'd found http://seclists.org/snort/2015/q4/150 in which the www is in the url. Can't see why it should make a difference but it did. Thanks very much Terry From: Y M [mailto:snort () outlook com] Sent: 03 November 2015 13:26 To: Terry John Cc: snort-users Subject: RE: [Snort-users] Problem with community rule set I think you need to remove the "www". Check this blog post on Snort's blog for the current working URL: http://blog.snort.org/2015/10/are-you-getting-404-errors-attempting.html For the second part of the question, do you have other rule_url variables defined in pulledpork.conf? I think the 2970 is EOL: https://www.snort.org/eol YM _____________________________ From: Terry John <terry.john () completeautomotivesolutions co uk<mailto:terry.john () completeautomotivesolutions co uk>> Sent: Tuesday, November 3, 2015 4:03 PM Subject: RE: [Snort-users] Problem with community rule set To: Y M <snort () outlook com<mailto:snort () outlook com>>, snort-users <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>> I tried the recommended rule_url=https://www.snort.org/downloads/community/|community-rules.tar.gz|Community But on both servers it gave me a 422 error but on the bad server it was still looking for the snortrules-snapshot-2970.tar.gz file Terry From: Y M [mailto:snort () outlook com] Sent: 03 November 2015 12:48 To: Terry John; snort-users Subject: Re: [Snort-users] Problem with community rule set The URLs and the difference between them that you are seeing is for the registered/subscribed rules. Community ruleset tarball does not have version numbers. YM On Tue, Nov 3, 2015 at 4:20 AM -0800, "Terry John" <Terry.John () completeautomotivesolutions co uk<mailto:Terry.John () completeautomotivesolutions co uk>> wrote: I have 2 servers with what I think are identical requests for pulled pork. I have cut and paste the same thing: rule_url=https://www.snort.org/downloads/community/|community-rules.tar.gz|<oinkcode><https://www.snort.org/downloads/community/|community-rules.tar.gz|%3coinkcode%3e> One correctly says: Checking latest MD5 for snortrules-snapshot-2975.tar.gz.... The other says: Checking latest MD5 for snortrules-snapshot-2970.tar.gz.... Which is no longer available so pulled pork fails Can anyone tell me why? Thanks Terry The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 03183918<tel:03183918>), Manheim Auctions Limited (registered number: 00448761<tel:00448761>), Manheim Retail Services Limited (registered number: 02838588<tel:02838588>), Motors.co.uk<http://motors.co.uk> Limited (registered number: 05975777<tel:05975777>), Real Time Communications Limited (registered number: 04277845<tel:04277845>) and Complete Automotive Solutions Limited (registered number: 05302535<tel:05302535>). Each of these companies is registered in England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions. V:0CF72C13B2AC
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Problem with community rule set Terry John (Nov 03)
- Re: Problem with community rule set Y M (Nov 03)
- Re: Problem with community rule set Terry John (Nov 03)
- Re: Problem with community rule set Y M (Nov 03)
- Re: Problem with community rule set Terry John (Nov 03)
- Re: Problem with community rule set Doug Burks (Nov 03)
- Re: Problem with community rule set Terry John (Nov 03)
- Re: Problem with community rule set Y M (Nov 03)