Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Extracting snortrules-2931.tar.gz

From: Joel Esler <jesler () sourcefire com>
Date: Wed, 10 Oct 2012 11:58:12 -0400
On Oct 10, 2012, at 11:55 AM, AllowOverride <allowoverride () gmail com> wrote:


yes joel i do. that is what have been saying... i pasted the link, but
im not going to be a dick and make you look like a fool for not reading
my emails, like some assholes are doing on hereā€¦.


Everyone has a right to their opinion.  Even if it's wrong.


here is the link again. I sign in, click the oinkcode link, it's right
there. im just trying to save someone else a hassle or have to ask the
list again, for which they will be called a moron for even asking,,, 


For the record, I don't think we've ever called anyone a moron.


see my point....  that's the other point.

thanks

https://www.snort.org/

then:

https://www.snort.org/account/oinkcode



That page says 2931 for me.  Did you refresh?  Can you log out, log back in?





On Wed, 2012-10-10 at 11:50 -0400, Joel Esler wrote:

I don't know.  Do you see somewhere where it says 2900?  


On Oct 10, 2012, at 11:42 AM, AllowOverride <allowoverride () gmail com> wrote:


if it was fixed, then why did i complain more?

On Wed, 2012-10-10 at 09:44 -0400, Joel Esler wrote:

This has been fixe.

On Oct 9, 2012, at 9:17 PM, AllowOverride <allowoverride () gmail com> wrote:


thanks joel, i know i could have looked around more, but i figure
consistency across the site should be mentioned. thanks

On Tue, 2012-10-09 at 20:56 -0400, Joel Esler wrote:

I'll get this fixed. 

Sent from my iPhone

On Oct 9, 2012, at 8:41 PM, AllowOverride <allowoverride () gmail com> wrote:


i am referring to this page:

https://www.snort.org/account/oinkcode

its NOT right there for you, it says 2900.
i see what your are talking about, but others surely wont...

the process is, you read the config, you substitute what is displayed on
that link. it wont work, UNLESS you know the file name, by clicking 
a diff page on snort.org. sorry, but i didn't see that page until much
later, the one you referred too. so when someone updates the page, i
figure, incase someone takes the same path i do, and copies the link as
is, with their oinkcode attached, which logically you would do at first
glance, as you are using it for pulledpork.conf. this discussion is the
result. 

i figure if they update the page you found first time, with 2931, so
that we can cut paste it, to use with pp.pl, then there will be no
problems. thats all, nothing more, 

On Tue, 2012-10-09 at 20:17 +0000, Jeremy Hoel wrote:

And like i said in the email before you responded, you can find the
file name right from the website.. when you click download rules.
http://snort.org/snort-rules/?

Snort v2.9
MD5 - 09 Oct, 2012
snortrules-snapshot-2931.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2912.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2923.tar.gz
MD5 - 09 Oct, 2012
snortrules-snapshot-2930.tar.gz



It's right there.. you just have to look at the page.  Reading is fundamental.




On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride () gmail com> wrote:

we dont know the file name!!! sheshh

On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:

The page shows:

wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \
         -O <output-filename>


It's pretty clear.  put the proper, correct, current filename where is
says filename and things work.  They shouldn't have to hold hands and
walk through the whole thing.

When you try and use examples you have to expect and realize that the
example might be out of date and maybe try and figure out what it
might take to make it work.



On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride () gmail com> wrote:

when i say something doesnt work, i mean, it doesnt work:

wget
http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry--2012-10-09 12:44:42--  
http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry
Resolving www.snort.org... 23.23.170.170
Connecting to www.snort.org|23.23.170.170|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-10-09 12:44:42 ERROR 403: Forbidden.

wget
http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
--2012-10-09 12:45:54--
http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden
Resolving www.snort.org... 23.23.143.143
Connecting to www.snort.org|23.23.143.143|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-10-09 12:45:56 ERROR 403: Forbidden.

and just for good measure

wget
http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden
--2012-10-09 12:47:03--
http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again
Resolving www.snort.org... 23.23.170.170
Connecting to www.snort.org|23.23.170.170|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-10-09 12:47:04 ERROR 403: Forbidden.


now. the last one shouldn't work, becuz im not a register user
the sub rules works if you know what you are doing...

If you include 2931 inplace of 2900 it will work, only if you are in the
system for oinkcode. BUT, that is not what is autopopulated for you on
the oinkcode page. it says, 2900. it wont work.

all i am saying fix is, change it to reflect the CURRENT version. thats
all. not everyone will catch it, and ya know, end up asking the question
here.

let's let the developers put the current version as well. takes what, 2
seconds and saves users HOURS of wtf.. headaches...

thanks



On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:

The link he was using worked fine for me. I tested the get and got the
rules with no no problem.. with the link he had. His problem is not
related to a bad link.

The examples show that you need a file name
(http://snort.org/snort-rules/cli) and when you go to the page before,
the main download page (http://snort.org/snort-rules/?), it shows the
file names. They are not trying to make this overly confusing and
hard.. but it does require some effort and understanding on the
installers part. Or, you could sign in and grab them from the gui, or
use pullpork.  3 different methods to get the rules..

The examples are generic enough that they don't have to change
whenever the rule file changes.  Lets let the developers work on
keeping the software fixed and nor worry about the web page not having
the most specific instructions.


On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride () gmail com> wrote:

jer,
i tried the preferred method displayed on oinkcode page.
it doesnt work for sub/reg unless you know to put 2931. also, other
methods of wget'ing the url according to docs are supposed to work but
do not, unless know the exact file name, and thats not always easy to
find on the ftp site, or by other methods.

just a heads up, that kept me off task for a few days trying to figure
it out.

suggestion... fix the examples on the oinkcode page.



On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:

The answer is in the text file that you sent back.

2012-10-04 14:07:24 ERROR 403: Forbidden.

so however you tried to get the file, it didn't work.  If you used
wget and an oink code then you need to check the code.


On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 () yahoo com> wrote:

Here is what i gath after running cat....

--2012-10-04 14:07:23--  
http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
Resolving www.snort.org... 23.23.170.170
Connecting to www.snort.org|23.23.170.170|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-10-04 14:07:24 ERROR 403: Forbidden.


What do u think?


--- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com> wrote:


From: Jeremy Hoel <jthoel () gmail com>
Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
To: "Akinwale Fasuru" <fashman2k1 () yahoo com>
Cc: snort-users () lists sourceforge net
Date: Tuesday, October 9, 2012, 11:53 AM
to check the size of a file, go to
the directory where the file is and
run 'ls -al'.

But since 'file' said it's text and not a tar.gz or zip
file, then
that's the problem.  Your download is not correct.

go ahead and run 'cat snortrules-2931.tar.gz'



On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 () yahoo com>
wrote:

I replied the email you sent earlier saying that i

didnt know how to check for te size of the file. But i did
rule the command u asked me here is the response


snortrules-2931.tar.gz: ASCII text


--- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com>

wrote:



From: Jeremy Hoel <jthoel () gmail com>
Subject: Re: [Snort-users] Extracting

snortrules-2931.tar.gz

To: "Akinwale Fasuru" <fashman2k1 () yahoo com>
Cc: snort-users () lists sourceforge net
Date: Tuesday, October 9, 2012, 11:46 AM
You never got back to me about the
size of the file and if the file
was complete.

the error makes it sound like it's not a tar.gz

file.


you need to very you got the whole file and that

it's not

just a text error.

run 'file snortrules-2931.tar.gz' and see what it

says.


On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru

<fashman2k1 () yahoo com>

wrote:

Hello everyone,
I am still having problems extracting

snortrules-2931.tar.gz


tar -xzvf snortrules-2931.tar.gz

I get this erro message

zip: stdin: not in gzip format

tar: Child returned status 1

tar: Error is not recoverable: exiting

now
------------------------------------------------------------------------------

Don't let slow site performance ruin your

business.

Deploy New Relic APM

Deploy New Relic app performance management

and know

exactly

what is happening inside your Ruby, Python,

PHP, Java,

and .NET app

Try New Relic at no cost today and get our

sweet Data

Nerd shirt too!

http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________

Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or

unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on

all the latest Snort news!


------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!













------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: