Snort mailing list archives
Re: Extracting snortrules-2931.tar.gz
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 10 Oct 2012 11:58:12 -0400
On Oct 10, 2012, at 11:55 AM, AllowOverride <allowoverride () gmail com> wrote:
yes joel i do. that is what have been saying... i pasted the link, but im not going to be a dick and make you look like a fool for not reading my emails, like some assholes are doing on hereā¦.
Everyone has a right to their opinion. Even if it's wrong.
here is the link again. I sign in, click the oinkcode link, it's right there. im just trying to save someone else a hassle or have to ask the list again, for which they will be called a moron for even asking,,,
For the record, I don't think we've ever called anyone a moron.
see my point.... that's the other point. thanks https://www.snort.org/ then: https://www.snort.org/account/oinkcode
That page says 2931 for me. Did you refresh? Can you log out, log back in?
On Wed, 2012-10-10 at 11:50 -0400, Joel Esler wrote:I don't know. Do you see somewhere where it says 2900? On Oct 10, 2012, at 11:42 AM, AllowOverride <allowoverride () gmail com> wrote:if it was fixed, then why did i complain more? On Wed, 2012-10-10 at 09:44 -0400, Joel Esler wrote:This has been fixe. On Oct 9, 2012, at 9:17 PM, AllowOverride <allowoverride () gmail com> wrote:thanks joel, i know i could have looked around more, but i figure consistency across the site should be mentioned. thanks On Tue, 2012-10-09 at 20:56 -0400, Joel Esler wrote:I'll get this fixed. Sent from my iPhone On Oct 9, 2012, at 8:41 PM, AllowOverride <allowoverride () gmail com> wrote:i am referring to this page: https://www.snort.org/account/oinkcode its NOT right there for you, it says 2900. i see what your are talking about, but others surely wont... the process is, you read the config, you substitute what is displayed on that link. it wont work, UNLESS you know the file name, by clicking a diff page on snort.org. sorry, but i didn't see that page until much later, the one you referred too. so when someone updates the page, i figure, incase someone takes the same path i do, and copies the link as is, with their oinkcode attached, which logically you would do at first glance, as you are using it for pulledpork.conf. this discussion is the result. i figure if they update the page you found first time, with 2931, so that we can cut paste it, to use with pp.pl, then there will be no problems. thats all, nothing more, On Tue, 2012-10-09 at 20:17 +0000, Jeremy Hoel wrote:And like i said in the email before you responded, you can find the file name right from the website.. when you click download rules. http://snort.org/snort-rules/? Snort v2.9 MD5 - 09 Oct, 2012 snortrules-snapshot-2931.tar.gz MD5 - 09 Oct, 2012 snortrules-snapshot-2912.tar.gz MD5 - 09 Oct, 2012 snortrules-snapshot-2923.tar.gz MD5 - 09 Oct, 2012 snortrules-snapshot-2930.tar.gz It's right there.. you just have to look at the page. Reading is fundamental. On Tue, Oct 9, 2012 at 8:16 PM, AllowOverride <allowoverride () gmail com> wrote:we dont know the file name!!! sheshh On Tue, 2012-10-09 at 20:02 +0000, Jeremy Hoel wrote:The page shows: wget http://www.snort.org/sub-rules/<filename>/<oinkcode here> \ -O <output-filename> It's pretty clear. put the proper, correct, current filename where is says filename and things work. They shouldn't have to hold hands and walk through the whole thing. When you try and use examples you have to expect and realize that the example might be out of date and maybe try and figure out what it might take to make it work. On Tue, Oct 9, 2012 at 7:51 PM, AllowOverride <allowoverride () gmail com> wrote:when i say something doesnt work, i mean, it doesnt work: wget http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry--2012-10-09 12:44:42-- http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/hidden-sorry Resolving www.snort.org... 23.23.170.170 Connecting to www.snort.org|23.23.170.170|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-10-09 12:44:42 ERROR 403: Forbidden. wget http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden --2012-10-09 12:45:54-- http://www.snort.org/reg-rules/snortrules-snapshot-2900.tar.gz/sorry-hidden Resolving www.snort.org... 23.23.143.143 Connecting to www.snort.org|23.23.143.143|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-10-09 12:45:56 ERROR 403: Forbidden. and just for good measure wget http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/sorry-hidden --2012-10-09 12:47:03-- http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/hidden-again Resolving www.snort.org... 23.23.170.170 Connecting to www.snort.org|23.23.170.170|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-10-09 12:47:04 ERROR 403: Forbidden. now. the last one shouldn't work, becuz im not a register user the sub rules works if you know what you are doing... If you include 2931 inplace of 2900 it will work, only if you are in the system for oinkcode. BUT, that is not what is autopopulated for you on the oinkcode page. it says, 2900. it wont work. all i am saying fix is, change it to reflect the CURRENT version. thats all. not everyone will catch it, and ya know, end up asking the question here. let's let the developers put the current version as well. takes what, 2 seconds and saves users HOURS of wtf.. headaches... thanks On Tue, 2012-10-09 at 19:19 +0000, Jeremy Hoel wrote:The link he was using worked fine for me. I tested the get and got the rules with no no problem.. with the link he had. His problem is not related to a bad link. The examples show that you need a file name (http://snort.org/snort-rules/cli) and when you go to the page before, the main download page (http://snort.org/snort-rules/?), it shows the file names. They are not trying to make this overly confusing and hard.. but it does require some effort and understanding on the installers part. Or, you could sign in and grab them from the gui, or use pullpork. 3 different methods to get the rules.. The examples are generic enough that they don't have to change whenever the rule file changes. Lets let the developers work on keeping the software fixed and nor worry about the web page not having the most specific instructions. On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride () gmail com> wrote:jer, i tried the preferred method displayed on oinkcode page. it doesnt work for sub/reg unless you know to put 2931. also, other methods of wget'ing the url according to docs are supposed to work but do not, unless know the exact file name, and thats not always easy to find on the ftp site, or by other methods. just a heads up, that kept me off task for a few days trying to figure it out. suggestion... fix the examples on the oinkcode page. On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:The answer is in the text file that you sent back. 2012-10-04 14:07:24 ERROR 403: Forbidden. so however you tried to get the file, it didn't work. If you used wget and an oink code then you need to check the code. On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 () yahoo com> wrote:Here is what i gath after running cat.... --2012-10-04 14:07:23-- http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db Resolving www.snort.org... 23.23.170.170 Connecting to www.snort.org|23.23.170.170|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2012-10-04 14:07:24 ERROR 403: Forbidden. What do u think? --- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com> wrote:From: Jeremy Hoel <jthoel () gmail com> Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz To: "Akinwale Fasuru" <fashman2k1 () yahoo com> Cc: snort-users () lists sourceforge net Date: Tuesday, October 9, 2012, 11:53 AM to check the size of a file, go to the directory where the file is and run 'ls -al'. But since 'file' said it's text and not a tar.gz or zip file, then that's the problem. Your download is not correct. go ahead and run 'cat snortrules-2931.tar.gz' On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 () yahoo com> wrote:I replied the email you sent earlier saying that ididnt know how to check for te size of the file. But i did rule the command u asked me here is the responsesnortrules-2931.tar.gz: ASCII text --- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com>wrote:From: Jeremy Hoel <jthoel () gmail com> Subject: Re: [Snort-users] Extractingsnortrules-2931.tar.gzTo: "Akinwale Fasuru" <fashman2k1 () yahoo com> Cc: snort-users () lists sourceforge net Date: Tuesday, October 9, 2012, 11:46 AM You never got back to me about the size of the file and if the file was complete. the error makes it sound like it's not a tar.gzfile.you need to very you got the whole file and thatit's notjust a text error. run 'file snortrules-2931.tar.gz' and see what itsays.On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru<fashman2k1 () yahoo com>wrote:Hello everyone, I am still having problems extractingsnortrules-2931.tar.gztar -xzvf snortrules-2931.tar.gzI get this erro message zip: stdin: not in gzip format tar: Child returned status 1 tar: Error is not recoverable: exitingnow ------------------------------------------------------------------------------Don't let slow site performance ruin yourbusiness.Deploy New Relic APMDeploy New Relic app performance managementand knowexactlywhat is happening inside your Ruby, Python,PHP, Java,and .NET appTry New Relic at no cost today and get oursweet DataNerd shirt too!http://p.sf.net/sfu/newrelic-dev2dev_______________________________________________Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options orunsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current onall the latest Snort news!------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Extracting snortrules-2931.tar.gz, (continued)
- Re: Extracting snortrules-2931.tar.gz Akinwale Fasuru (Oct 09)
- Message not available
- Re: Extracting snortrules-2931.tar.gz Jeremy Hoel (Oct 09)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 09)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 09)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 09)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 09)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 10)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 10)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 10)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 10)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 10)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 10)
- Re: Extracting snortrules-2931.tar.gz waldo kitty (Oct 10)
- Re: Extracting snortrules-2931.tar.gz Michael Steele (Oct 10)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 10)
- Re: Extracting snortrules-2931.tar.gz waldo kitty (Oct 10)
- Re: Extracting snortrules-2931.tar.gz Peter Bates (Oct 09)
- Re: Extracting snortrules-2931.tar.gz Joel Esler (Oct 09)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 09)
- Re: Extracting snortrules-2931.tar.gz AllowOverride (Oct 09)
- Re: Extracting snortrules-2931.tar.gz waldo kitty (Oct 10)