Snort mailing list archives
I'm so close I smell Bacon... little more help thanks!
From: PR <oly562 () gmail com>
Date: Fri, 14 Sep 2012 00:15:37 -0700
ok, i am loaded pulledpork.conf... oh and im still sorta waiting for the
info i asked earlier, but i think i have gotten past all that now...
moving forward...
1. i ran this:
./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort
-C /etc/snort.conf -i /etc/snort/disablesid.conf
-b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf
-M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf
-c /etc/snort/pulledpork.conf -o /etc/snort/rules/
2. i got this:
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Done!
~
~
Checking latest MD5 for emerging.rules.tar.gz....
Error 500 when fetching
https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 453.
main::md5file('open', 'emerging.rules.tar.gz', '/tmp/',
'https://rules.emergingthreats.net/open/snort-2.9.3/') called
at ./pulledpork.pl line 1758
3. i checked pulledpork.pl - 271 first,,,
elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
$singlefile =~ s/^preproc_rules\///;
$tar->extract_file( $filename,
$temp_path . "/tha_rules/$prefix" . $singlefile );
print "\tExtracted: /tha_rules/$prefix$singlefile\n"
if ( $Verbose && !$Quiet );
}
here ??? elsif ($Sorules <<<<
&& $filename =~
or here ???
/^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*
\.so/
&& -d $Sorules
&& !$Textonly )
line 271 is var $Sorules
i believe its complaining about precompiled, ill recheck to see if i
added ubuntu 10.04 anywhere, dont think so, and im running 12.04 which
is not listed yet in docs, however, let me check, if i didn't invoke
precompiled var in pulledpork.conf, where is my mistake?
thanks
------------------------------------------------------------------------------ How fast is your code? 3 out of 4 devs don\\\'t know how their code performs in production. Find out how slow your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219672;13503038;z? http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- I'm so close I smell Bacon... little more help thanks! PR (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! JJC (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! JJ Cummings (Sep 17)
- Re: I'm so close I smell Bacon... little more help thanks! JJC (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)