Snort mailing list archives
Re: PulledPork not processing
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Sun, 10 Feb 2013 16:26:39 -0500
meant to reply-all. think i might have just sent this to JJ by accident. Hey... I saw this line in your output above: Distro Def is: FreeBSD-8.1 Wondering if that might having something to do with it? Is there an option to define the distro for PP to windows? On Sun, Feb 10, 2013 at 11:51 AM, JJ Cummings <cummingsj () gmail com> wrote:
Michael, Are you talking about the rule docs "the opensource.tgz" file? If so, these are not the rules and only need to be extracted if you are using them for reference. This can sometimes take a while to extract... However, as Joel said the actual rules operation should be quite fast. JJC Sent from the iRoad On Feb 10, 2013, at 9:20, "Joel Esler" <jesler () sourcefire com> wrote: *self contained — Joel Esler Mobile On Sun, Feb 10, 2013 at 10:38 AM, Joel Esler <jesler () sourcefire com>wrote:Wow. That's pretty slow. On Unix it takes about 10 seconds give or take. But no, Pulledpork is sell contained except for a few libraries and is meant to be that way. On Sun, Feb 10, 2013 at 9:57 AM, Michael Steele <michaels () winsnort com>wrote:Problem solved. It appears that some of the Perl packages were corrupted. **** ** ** However; Does anyone have a work around for the installation of the Signatures. I don’t know about UNIX, but on Windows it takes at least 30 minutes for Perl to extract.**** ** ** Is it possible for the pulledpork.pl file to extract with a native OS extraction tool?**** ** ** Best regards,**** Michael...**** ** ** *From:* Michael Steele [mailto:michaels () winsnort com] *Sent:* Saturday, February 09, 2013 1:49 PM *To:* snort-users () lists sourceforge net *Subject:* [Snort-users] PulledPork not processing**** ** ** This is the latest pull from the SVN.**** ** ** It appears PulledPork is trying to process the rules twice. In the temp folder I’m only getting a partial transfer of the rules and the MD5 file. **** ** ** ** ** C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vv -T**** ** ** http://code.google.com/p/pulledpork/**** _____ ____**** `----,\ )**** `--==\\ / PulledPork v0.6.2dev the Cigar Pig <////~**** `--==\\/**** .-~~~~-.Y|\\_ Copyright (C) 2009-2012 JJ Cummings**** @_/ / 66\_ cummingsj () gmail com**** | \ \ _(")**** \ /-| ||'--' Rules give me wings!**** \_\ \_\\**** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~**** ** ** Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf**** snort_path = /usr/local/bin/snort**** enablesid = d:\winids\pulledpork\etc\enablesid.conf**** modifysid = d:\winids\pulledpork\etc\modifysid.conf**** rule_path = d:\winids\snort\rules\snort.rules**** ignore = deleted.rules,experimental.rules,local.rules**** rule_url = ARRAY(0x28e1e24)**** snort_version = 2.9.4.0**** sid_msg_version = 1**** sid_changelog = d:\winids\snort\log\sid_changes.log**** sid_msg = d:\winids\snort\etc\sid-msg.map**** docs = d:\winids\Apache24\htdocs\base\signatures\**** ips_policy = security**** config_path = /usr/local/etc/snort/snort.conf**** temp_path = d:\winids\pulledpork\temp**** distro = FreeBSD-8.1**** version = 0.6.1**** sorule_path = /usr/local/lib/snort_dynamicrules/**** disablesid = d:\winids\pulledpork\etc\disablesid.conf**** dropsid = d:\winids\pulledpork\etc\dropsid.conf**** local_rules = d:\winids\snort\rules\local.rules**** 'uname' is not recognized as an internal or external command,**** operable program or batch file.**** MISC (CLI and Autovar) Variable Debug:**** Config Path is: d:\winids\pulledpork\etc\pulledpork.conf**** Distro Def is: FreeBSD-8.1**** Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\**** security policy specified**** local.rules path is: d:\winids\snort\rules\local.rules**** Rules file is: d:\winids\snort\rules\snort.rules**** Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf **** Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf**** Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf* *** Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf* *** sid changes will be logged to: d:\winids\snort\log\sid_changes.log**** sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map**** Snort Version is: 2.9.4.0**** Snort Config File: /usr/local/etc/snort/snort.conf**** Snort Path is: /usr/local/bin/snort**** Text Rules only Flag is Set**** Extra Verbose Flag is Set**** Verbose Flag is Set**** Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5 **** 775ba98cf**** Checking latest MD5 for snortrules-snapshot-2940.tar.gz....**** Fetching md5sum for: snortrules-snapshot-2940.tar.gz.md5**** ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz.md5/991158d6f0847841cffbe085a91b7c5775ba98cf==> 200 OK (3s) **** most recent rules file digest: ae46740e802f023be681d932ef71f407* *** Rules tarball download of snortrules-snapshot-2940.tar.gz....**** Fetching rules file: snortrules-snapshot-2940.tar.gz**** ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found (1s) **** ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435268&Signature=KaoY%2B0NMB%2B%2FNnYFJTpunKaQhilw%3D==> **** 200 OK (1s)**** storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz**** ** ** current local rules file digest: eed12b6d1e99dd34dda723167ab18f8c**** The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!**** Rules tarball download of snortrules-snapshot-2940.tar.gz....**** Fetching rules file: snortrules-snapshot-2940.tar.gz**** ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 302 Found **** ** GET https://s3.amazonaws.com/snort-org/www/rules/20121218/snortrules-snapshot-2940.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1360435269&Signature=2H85W57%2F7fbXw%2FEehahpjniVR0Q%3D==> 0 **** 200 OK**** storing file at: d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz**** ** ** current local rules file digest: 6fb296525f90c700ff356264397e7977**** The MD5 for snortrules-snapshot-2940.tar.gz did not match the latest digest... so I am gonna fetch the latest rules file!**** Rules tarball download of snortrules-snapshot-2940.tar.gz....**** Fetching rules file: snortrules-snapshot-2940.tar.gz**** ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/991158d6f0847841cffbe085a91b7c5775ba98cf==> 403 Forbidden (1s) **** A 403 error occurred, please wait for the 15 minute timeout**** to expire before trying again or specify the -n runtime switch** ** You may also wish to verfiy your oinkcode, tarball name, and other configuration options**** ** ** ** ** ** ** ** ** I can drop the rules, and open source file into the empty temp folder and try to process offline but I’m getting:**** ** ** C:\Users\Operator>perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -n -vv -T**** ** ** http://code.google.com/p/pulledpork/**** _____ ____**** `----,\ )**** `--==\\ / PulledPork v0.6.2dev the Cigar Pig <////~**** `--==\\/**** .-~~~~-.Y|\\_ Copyright (C) 2009-2012 JJ Cummings**** @_/ / 66\_ cummingsj () gmail com**** | \ \ _(")**** \ /-| ||'--' Rules give me wings!**** \_\ \_\\**** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~**** ** ** Config File Variable Debug d:\winids\pulledpork\etc\pulledpork.conf**** snort_path = /usr/local/bin/snort**** enablesid = d:\winids\pulledpork\etc\enablesid.conf**** modifysid = d:\winids\pulledpork\etc\modifysid.conf**** rule_path = d:\winids\snort\rules\snort.rules**** ignore = deleted.rules,experimental.rules,local.rules**** rule_url = ARRAY(0x285929c)**** snort_version = 2.9.4.0**** sid_msg_version = 1**** sid_changelog = d:\winids\snort\log\sid_changes.log**** sid_msg = d:\winids\snort\etc\sid-msg.map**** docs = d:\winids\Apache24\htdocs\base\signatures\**** ips_policy = security**** config_path = /usr/local/etc/snort/snort.conf**** temp_path = d:\winids\pulledpork\temp**** distro = FreeBSD-8.1**** version = 0.6.1**** sorule_path = /usr/local/lib/snort_dynamicrules/**** disablesid = d:\winids\pulledpork\etc\disablesid.conf**** dropsid = d:\winids\pulledpork\etc\dropsid.conf**** local_rules = d:\winids\snort\rules\local.rules**** 'uname' is not recognized as an internal or external command,**** operable program or batch file.**** MISC (CLI and Autovar) Variable Debug:**** Config Path is: d:\winids\pulledpork\etc\pulledpork.conf**** Distro Def is: FreeBSD-8.1**** Docs Reference Location is: d:\winids\Apache24\htdocs\base\signatures\**** security policy specified**** local.rules path is: d:\winids\snort\rules\local.rules**** No Download Flag is Set**** Rules file is: d:\winids\snort\rules\snort.rules**** Path to disablesid file: d:\winids\pulledpork\etc\disablesid.conf **** Path to dropsid file: d:\winids\pulledpork\etc\dropsid.conf**** Path to enablesid file: d:\winids\pulledpork\etc\enablesid.conf* *** Path to modifysid file: d:\winids\pulledpork\etc\modifysid.conf* *** sid changes will be logged to: d:\winids\snort\log\sid_changes.log**** sid-msg.map Output Path is: d:\winids\snort\etc\sid-msg.map**** Snort Version is: 2.9.4.0**** Snort Config File: /usr/local/etc/snort/snort.conf**** Snort Path is: /usr/local/bin/snort**** Text Rules only Flag is Set**** Extra Verbose Flag is Set**** Verbose Flag is Set**** Base URL is: https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|991158d6f0847841cffbe085a91b7c5775ba98cf https://www.snort.org/reg-rules/|opensource.gz|991158d6f0847841cffbe085a91b7c5 **** 775ba98cf**** Prepping rules from snortrules-snapshot-2940.tar.gz for work....**** extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...**** Ignoring plaintext rules: deleted.rules**** Ignoring plaintext rules: experimental.rules**** Ignoring plaintext rules: local.rules**** Extracted: /tha_rules/VRT-server-other.rules**** Extracted: /tha_rules/VRT-pua-adware.rules**** Extracted: /tha_rules/VRT-misc.rules**** Extracted: /tha_rules/VRT-malware-backdoor.rules**** Extracted: /tha_rules/VRT-indicator-compromise.rules**** Extracted: /tha_rules/VRT-file-pdf.rules**** Extracted: /tha_rules/VRT-content-replace.rules**** Extracted: /tha_rules/VRT-file-identify.rules**** Extracted: /tha_rules/VRT-browser-webkit.rules**** Extracted: /tha_rules/VRT-specific-threats.rules**** Extracted: /tha_rules/VRT-file-office.rules**** Extracted: /tha_rules/VRT-rpc.rules**** Extracted: /tha_rules/VRT-dns.rules**** Extracted: /tha_rules/VRT-os-other.rules**** Extracted: /tha_rules/VRT-snmp.rules**** Extracted: /tha_rules/VRT-policy-other.rules**** Extracted: /tha_rules/VRT-web-coldfusion.rules**** Extracted: /tha_rules/VRT-protocol-voip.rules**** Extracted: /tha_rules/VRT-file-image.rules**** Extracted: /tha_rules/VRT-chat.rules**** Extracted: /tha_rules/VRT-voip.rules**** Extracted: /tha_rules/VRT-os-solaris.rules**** Extracted: /tha_rules/VRT-pop3.rules**** Extracted: /tha_rules/VRT-server-mssql.rules**** Extracted: /tha_rules/VRT-preprocessor.rules**** Extracted: /tha_rules/VRT-policy-social.rules**** Extracted: /tha_rules/VRT-protocol-ftp.rules**** Extracted: /tha_rules/VRT-server-webapp.rules**** Extracted: /tha_rules/VRT-server-oracle.rules**** Extracted: /tha_rules/VRT-scada.rules**** Extracted: /tha_rules/VRT-other-ids.rules**** Extracted: /tha_rules/VRT-server-apache.rules**** Extracted: /tha_rules/VRT-sql.rules**** Extracted: /tha_rules/VRT-icmp.rules**** Extracted: /tha_rules/VRT-file-multimedia.rules**** Extracted: /tha_rules/VRT-pua-p2p.rules**** Extracted: /tha_rules/VRT-info.rules**** Extracted: /tha_rules/VRT-pua-other.rules**** Extracted: /tha_rules/VRT-server-mail.rules**** Extracted: /tha_rules/VRT-netbios.rules**** Extracted: /tha_rules/VRT-smtp.rules**** Extracted: /tha_rules/VRT-protocol-icmp.rules**** Extracted: /tha_rules/VRT-sensitive-data.rules**** Extracted: /tha_rules/VRT-indicator-shellcode.rules**** Extracted: /tha_rules/VRT-web-iis.rules**** Extracted: /tha_rules/VRT-protocol-finger.rules**** Extracted: /tha_rules/VRT-botnet-cnc.rules**** Extracted: /tha_rules/VRT-pua-toolbars.rules**** Extracted: /tha_rules/VRT-mysql.rules**** Extracted: /tha_rules/VRT-virus.rules**** Extracted: /tha_rules/VRT-protocol-imap.rules**** Extracted: /tha_rules/VRT-malware-cnc.rules**** Extracted: /tha_rules/VRT-web-misc.rules**** Extracted: /tha_rules/VRT-tftp.rules**** Extracted: /tha_rules/VRT-blacklist.rules**** Extracted: /tha_rules/VRT-shellcode.rules**** Extracted: /tha_rules/VRT-spyware-put.rules**** Extracted: /tha_rules/VRT-exploit.rules**** Extracted: /tha_rules/VRT-protocol-services.rules**** Extracted: /tha_rules/VRT-browser-ie.rules**** Extracted: /tha_rules/VRT-os-windows.rules**** Extracted: /tha_rules/VRT-ddos.rules**** Extracted: /tha_rules/VRT-attack-responses.rules**** Extracted: /tha_rules/VRT-browser-firefox.rules**** Extracted: /tha_rules/VRT-browser-chrome.rules**** Extracted: /tha_rules/VRT-telnet.rules**** Extracted: /tha_rules/VRT-browser-other.rules**** Extracted: /tha_rules/VRT-icmp-info.rules**** Extracted: /tha_rules/VRT-os-linux.rules**** Extracted: /tha_rules/VRT-indicator-obfuscation.rules**** Extracted: /tha_rules/VRT-policy-spam.rules**** Extracted: /tha_rules/VRT-malware-tools.rules**** Extracted: /tha_rules/VRT-x11.rules**** Extracted: /tha_rules/VRT-p2p.rules**** Extracted: /tha_rules/VRT-scan.rules**** Extracted: /tha_rules/VRT-ftp.rules**** Extracted: /tha_rules/VRT-malware-other.rules**** Extracted: /tha_rules/VRT-web-php.rules**** Extracted: /tha_rules/VRT-web-activex.rules**** Extracted: /tha_rules/VRT-decoder.rules**** Extracted: /tha_rules/VRT-web-frontpage.rules**** Extracted: /tha_rules/VRT-rservices.rules**** Extracted: /tha_rules/VRT-file-executable.rules**** Extracted: /tha_rules/VRT-file-other.rules**** Extracted: /tha_rules/VRT-backdoor.rules**** Extracted: /tha_rules/VRT-multimedia.rules**** Extracted: /tha_rules/VRT-web-client.rules**** Extracted: /tha_rules/VRT-exploit-kit.rules**** Extracted: /tha_rules/VRT-protocol-pop.rules**** Extracted: /tha_rules/VRT-browser-plugins.rules**** Extracted: /tha_rules/VRT-policy.rules**** Extracted: /tha_rules/VRT-web-attacks.rules**** Extracted: /tha_rules/VRT-imap.rules**** Extracted: /tha_rules/VRT-file-flash.rules**** Extracted: /tha_rules/VRT-nntp.rules**** Extracted: /tha_rules/VRT-dos.rules**** Extracted: /tha_rules/VRT-finger.rules**** Extracted: /tha_rules/VRT-phishing-spam.rules**** No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.**** Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.**** Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt**** Extracted: /tha_rules/VRT-server-mysql.rules**** Extracted: /tha_rules/VRT-oracle.rules**** Extracted: /tha_rules/VRT-server-iis.rules**** Extracted: /tha_rules/VRT-app-detect.rules**** Extracted: /tha_rules/VRT-policy-multimedia.rules**** Extracted: /tha_rules/VRT-pop2.rules**** Extracted: /tha_rules/VRT-bad-traffic.rules**** Extracted: /tha_rules/VRT-web-cgi.rules**** Prepping rules from snortrules-snapshot-2940.tar.gz for work....**** extracting contents of d:\winids\pulledpork\temp/snortrules-snapshot-2940.tar.gz...**** Ignoring plaintext rules: deleted.rules**** Ignoring plaintext rules: experimental.rules**** Ignoring plaintext rules: local.rules**** Extracted: /tha_rules/VRT-server-other.rules**** Extracted: /tha_rules/VRT-pua-adware.rules**** Extracted: /tha_rules/VRT-misc.rules**** Extracted: /tha_rules/VRT-malware-backdoor.rules**** Extracted: /tha_rules/VRT-indicator-compromise.rules**** Extracted: /tha_rules/VRT-file-pdf.rules**** Extracted: /tha_rules/VRT-content-replace.rules**** Extracted: /tha_rules/VRT-file-identify.rules**** Extracted: /tha_rules/VRT-browser-webkit.rules**** Extracted: /tha_rules/VRT-specific-threats.rules**** Extracted: /tha_rules/VRT-file-office.rules**** Extracted: /tha_rules/VRT-rpc.rules**** Extracted: /tha_rules/VRT-dns.rules**** Extracted: /tha_rules/VRT-os-other.rules**** Extracted: /tha_rules/VRT-snmp.rules**** Extracted: /tha_rules/VRT-policy-other.rules**** Extracted: /tha_rules/VRT-web-coldfusion.rules**** Extracted: /tha_rules/VRT-protocol-voip.rules**** Extracted: /tha_rules/VRT-file-image.rules**** Extracted: /tha_rules/VRT-chat.rules**** Extracted: /tha_rules/VRT-voip.rules**** Extracted: /tha_rules/VRT-os-solaris.rules**** Extracted: /tha_rules/VRT-server-mssql.rules**** Extracted: /tha_rules/VRT-pop3.rules**** Extracted: /tha_rules/VRT-preprocessor.rules**** Extracted: /tha_rules/VRT-policy-social.rules**** Extracted: /tha_rules/VRT-protocol-ftp.rules**** Extracted: /tha_rules/VRT-server-webapp.rules**** Extracted: /tha_rules/VRT-server-oracle.rules**** Extracted: /tha_rules/VRT-scada.rules**** Extracted: /tha_rules/VRT-other-ids.rules**** Extracted: /tha_rules/VRT-server-apache.rules**** Extracted: /tha_rules/VRT-sql.rules**** Extracted: /tha_rules/VRT-icmp.rules**** Extracted: /tha_rules/VRT-file-multimedia.rules**** Extracted: /tha_rules/VRT-pua-p2p.rules**** Extracted: /tha_rules/VRT-info.rules**** Extracted: /tha_rules/VRT-pua-other.rules**** Extracted: /tha_rules/VRT-server-mail.rules**** Extracted: /tha_rules/VRT-netbios.rules**** Extracted: /tha_rules/VRT-smtp.rules**** Extracted: /tha_rules/VRT-protocol-icmp.rules**** Extracted: /tha_rules/VRT-sensitive-data.rules**** Extracted: /tha_rules/VRT-indicator-shellcode.rules**** Extracted: /tha_rules/VRT-web-iis.rules**** Extracted: /tha_rules/VRT-protocol-finger.rules**** Extracted: /tha_rules/VRT-botnet-cnc.rules**** Extracted: /tha_rules/VRT-pua-toolbars.rules**** Extracted: /tha_rules/VRT-mysql.rules**** Extracted: /tha_rules/VRT-virus.rules**** Extracted: /tha_rules/VRT-protocol-imap.rules**** Extracted: /tha_rules/VRT-malware-cnc.rules**** Extracted: /tha_rules/VRT-web-misc.rules**** Extracted: /tha_rules/VRT-tftp.rules**** Extracted: /tha_rules/VRT-shellcode.rules**** Extracted: /tha_rules/VRT-blacklist.rules**** Extracted: /tha_rules/VRT-spyware-put.rules**** Extracted: /tha_rules/VRT-exploit.rules**** Extracted: /tha_rules/VRT-protocol-services.rules**** Extracted: /tha_rules/VRT-browser-ie.rules**** Extracted: /tha_rules/VRT-os-windows.rules**** Extracted: /tha_rules/VRT-ddos.rules**** Extracted: /tha_rules/VRT-attack-responses.rules**** Extracted: /tha_rules/VRT-browser-firefox.rules**** Extracted: /tha_rules/VRT-browser-chrome.rules**** Extracted: /tha_rules/VRT-telnet.rules**** Extracted: /tha_rules/VRT-browser-other.rules**** Extracted: /tha_rules/VRT-icmp-info.rules**** Extracted: /tha_rules/VRT-os-linux.rules**** Extracted: /tha_rules/VRT-indicator-obfuscation.rules**** Extracted: /tha_rules/VRT-policy-spam.rules**** Extracted: /tha_rules/VRT-malware-tools.rules**** Extracted: /tha_rules/VRT-x11.rules**** Extracted: /tha_rules/VRT-p2p.rules**** Extracted: /tha_rules/VRT-scan.rules**** Extracted: /tha_rules/VRT-ftp.rules**** Extracted: /tha_rules/VRT-malware-other.rules**** Extracted: /tha_rules/VRT-web-php.rules**** Extracted: /tha_rules/VRT-web-activex.rules**** Extracted: /tha_rules/VRT-decoder.rules**** Extracted: /tha_rules/VRT-web-frontpage.rules**** Extracted: /tha_rules/VRT-rservices.rules**** Extracted: /tha_rules/VRT-file-executable.rules**** Extracted: /tha_rules/VRT-file-other.rules**** Extracted: /tha_rules/VRT-backdoor.rules**** Extracted: /tha_rules/VRT-multimedia.rules**** Extracted: /tha_rules/VRT-web-client.rules**** Extracted: /tha_rules/VRT-exploit-kit.rules**** Extracted: /tha_rules/VRT-protocol-pop.rules**** Extracted: /tha_rules/VRT-browser-plugins.rules**** Extracted: /tha_rules/VRT-policy.rules**** Extracted: /tha_rules/VRT-web-attacks.rules**** Extracted: /tha_rules/VRT-imap.rules**** Extracted: /tha_rules/VRT-file-flash.rules**** Extracted: /tha_rules/VRT-nntp.rules**** Extracted: /tha_rules/VRT-dos.rules**** Extracted: /tha_rules/VRT-finger.rules**** Extracted: /tha_rules/VRT-phishing-spam.rules**** No such file in archive: 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.**** Could not find an entry for 'doc/signatures/rules/VRT-License.txt' at d:\winids\pulledpork\pulledpork.pl line 293.**** Extracted: d:\winids\Apache24\htdocs\base\signatures\rules/VRT-License.txt**** Extracted: /tha_rules/VRT-server-mysql.rules**** Extracted: /tha_rules/VRT-oracle.rules**** Extracted: /tha_rules/VRT-server-iis.rules**** Extracted: /tha_rules/VRT-app-detect.rules**** Extracted: /tha_rules/VRT-policy-multimedia.rules**** Extracted: /tha_rules/VRT-pop2.rules**** Extracted: /tha_rules/VRT-bad-traffic.rules**** Extracted: /tha_rules/VRT-web-cgi.rules**** Cleanup....**** removed 108 temporary snort files or directories from d:\winids\pulledpork\temp/tha_rules!**** Fly Piggy Fly!**** ** ** Best regards,**** Michael...**** ** ** ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!-- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
-- when does reality end? when does fantasy begin?
------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork not processing Michael Steele (Feb 09)
- Re: PulledPork not processing Michael Steele (Feb 10)
- Re: PulledPork not processing Joel Esler (Feb 10)
- Re: PulledPork not processing Joel Esler (Feb 10)
- Re: PulledPork not processing JJ Cummings (Feb 10)
- Re: PulledPork not processing Tony Robinson (Feb 10)
- Re: PulledPork not processing Michael Steele (Feb 10)
- Re: PulledPork not processing JJ Cummings (Feb 10)
- Re: PulledPork not processing Joel Esler (Feb 10)
- Re: PulledPork not processing Michael Steele (Feb 10)