Snort mailing list archives
Re: Error rules update
From: Michel Renard <mich () foxnet be>
Date: Wed, 30 Apr 2014 22:28:40 +0200
hello you have an idea for a tip tell me how it's done, from pulledpork -----Message initial----- De: Jeremy Hoel <jthoel () gmail com> Envoyé: mercredi 30 avril 2014 22:20 À: Michel Renard <mich () foxnet be> Cc: Joel Esler (jesler) <jesler () cisco com>; snort-users () lists sourceforge net Sujet: Re: [Snort-users] Error rules update 2.9.6.1 is unavailable for registered users for 30 days after the release. Joel mentioned that a few days ago: [Snort-sigs] vrt rules snapshot 2961 are unavailable for reg-users "Correct. 2.9.6.1 will not be available to registered users for due to the 30 day rule currently in effect. " On Wed, Apr 30, 2014 at 8:01 PM, Michel Renard <mich () foxnet be <mailto:mich () foxnet be> > wrote: hello either I'm stupid or I'm off base I updated with snort but I always have this error when updating rules thank you for your help /usr/local/bin/pulledpork.pl <http://pulledpork.pl> -c /etc/snort/pulledpork.conf -T -l http://code.google.com/p/pulledpork/ <http://code.google.com/p/pulledpork/> _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.0 - Swine Flu! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2013 JJ Cummings @_/ / 66\_ cummingsj () gmail com <mailto:cummingsj () gmail com> | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Checking latest MD5 for snortrules-snapshot-2961.tar.gz.... Error 500 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2961.tar.gz.md5 at /usr/local/bin/pulledpork.pl <http://pulledpork.pl> line 463 main::md5file('<oinkcode>', 'snortrules-snapshot-2961.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl <http://pulledpork.pl> line 184 Michel -----Message initial----- De: Joel Esler (jesler) <jesler () cisco com <mailto:jesler () cisco com> > Envoyé: mercredi 30 avril 2014 21:35 À: Jeremy Hoel <jthoel () gmail com <mailto:jthoel () gmail com> > Cc: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net> Sujet: Re: [Snort-users] Error rules update Dear Basant, In order to look into this issue, I am going to need yourSnort.org <http://Snort.org> username and email address. Please feel free to email me directly with that information. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Vulnerability Research Team On Apr 30, 2014, at 2:53 PM, Jeremy Hoel <jthoel () gmail com <mailto:jthoel () gmail com> > wrote: pulledpork uses by default the version of snort that you have installed. newer versions of the rulesets won't run on your old install. If you mean that you manually set the snort version in the pulledpork config and you are still getting the errors, do you have your oink code set properly and/or are you using a http proxy? On Wed, Apr 30, 2014 at 6:24 PM, basant subba <basantsubba () gmail com <mailto:basantsubba () gmail com> > wrote: It doesn't work for snortrules-snapshot-2946.tar.gz <http://snort.org/downloads/2866> , snortrules-snapshot-2956.tar.gz <http://snort.org/downloads/2866> and snortrules-snapshot-2960.tar.gz <http://snort.org/downloads/2866> which are all listed in Registered User list in Snort home-page. Getting the same error. How to get over this problem? Have been stuck up with this problem for quite sometime now. On Wed, Apr 30, 2014 at 9:11 PM, waldo kitty <wkitty42 () windstream net <mailto:wkitty42 () windstream net> > wrote: On 4/30/2014 11:00 AM, Michel Renard wrote:
https://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz.md5 at
there's your problem right there... 2.9.3.1 is no longer supported as it is EoL (End of Life)... it has been EoL since 2013 Sep 30... http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html <http://blog.snort.org/2013/09/snort-2931-is-now-eol-for-rule-support.html> -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news! ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> Please visit http://blog.snort.org <http://blog.snort.org/> to stay current on all the latest Snort news! ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs_______________________________________________ <http://p.sf.net/sfu/SauceLabs_______________________________________________> Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> Please visit http://blog.snort.org <http://blog.snort.org> to stay current on all the latest Snort news! ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs <http://p.sf.net/sfu/SauceLabs> _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users <http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users> Please visit http://blog.snort.org <http://blog.snort.org> to stay current on all the latest Snort news!
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Error rules update, (continued)
- Re: Error rules update Jeremy Hoel (Apr 30)
- Re: Error rules update waldo kitty (Apr 30)
- Re: Error rules update basant subba (Apr 30)
- Re: Error rules update Jeremy Hoel (Apr 30)
- Re: Error rules update Joel Esler (jesler) (Apr 30)
- Message not available
- Re: Error rules update basant subba (May 01)
- Re: Error rules update Jeremy Hoel (May 01)
- Re: Error rules update basant subba (Apr 30)
- Re: Error rules update Joel Esler (jesler) (Apr 30)
- Re: Error rules update Jeremy Hoel (Apr 30)
- Re: Error rules update Jeremy Hoel (Apr 30)