Snort mailing list archives

Re: Pulled Pork 404 Errors?

From: Y M <snort () outlook com>
Date: Sat, 30 Aug 2014 00:10:15 +0300

It's has to be in the URL then. Please post the rule_url again.

YM

Sent from Mobile
________________________________
From: Matt M.<mailto:mr10001 () gmail com>
Sent: ‎8/‎29/‎2014 11:52 PM
To: Y M<mailto:snort () outlook com>
Cc: snort-users<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Pulled Pork 404 Errors?

Yeah, I've tried and still getting 422 errors.  I tried using HTTP/HTTPS
and /rules/ and /reg-rules/... all the same 422 error.  I did add my oink
code and tried regenerating it too.

On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort () outlook com> wrote:

------------------------------
Date: Fri, 29 Aug 2014 15:24:43 -0500

Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001 () gmail com
To: snort () outlook com
CC: snort-users () lists sourceforge net

That last error was my fault, wget did not work as expected.  I replaced
the pulledpork.conf file with what was on google code and I'm back to error
422

The old conf file was using "http" instead of "https".  Ok, can you try
regenerating you oinkcode, and test? You can do so by logging into
snort.org. If that also does not work, then it may be not from your end,
just a guess.

YM

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
 Error 422 when fetching
https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
/usr/local/bin/pulledpork.pl line 463.
 main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
https://www.snort.org/reg-rules/&apos;) called at /usr/local/bin/pulledpork.pl
line 1847

On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 () gmail com> wrote:

When I try using the conf file that you linked from google code and
run:sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf
I get an error:
You are not using the current version of pulledpork.conf!

Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!

On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 () gmail com> wrote:

Now I receive a 422 error:

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
 Error 422 when fetching
http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
/usr/local/bin/pulledpork.pl line 463.
 main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
http://www.snort.org/reg-rules/&apos;) called at /usr/local/bin/pulledpork.pl
line 1847

On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort () outlook com> wrote:

Date: Fri, 29 Aug 2014 15:08:08 -0500
Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001 () gmail com
To: snort () outlook com
CC: snort-users () lists sourceforge net

You bet:

This is what I have...

rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|<oinkcode>

Ok, I am not familiar with brew packages, but the URL above may be wrong.
Replace the "/rules/" with "/reg-rules/" and try again. From the original
pulledpork.conf:
https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf

YM

On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort () outlook com> wrote:

Date: Fri, 29 Aug 2014 14:37:46 -0500
From: mr10001 () gmail com
To: snort-users () lists sourceforge net
Subject: [Snort-users] Pulled Pork 404 Errors?

Total Noob Here,

I'm receiving the following error and cannot seem to figure out how to
resolve it:
 >Checking latest MD5 for snortrules-snapshot-2962.tar.gz....

A 404 error occurred, please verify your filenames and urls for your

tarball!

Error 404 when fetching

https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at
/usr/local/bin/pulledpork.pl line 463.


Can you post the "rule_url" from your pulledpork.conf? (without your
oinkcode).

main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '

https://www.snort.org/rules/&apos;) called at /usr/local/bin/pulledpork.pl
line 1847


I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've
tried modifying both the pullpork.pl and conf file to adjust the url's by
removing the ...org/reg-rules/ and change it to ...org/rules/ and even
tried to remove the "S" from HTTPS in the url's as well.
I'm I even in the right ballpark?
Thanks for any assistance with this,

--
M, CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*

------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Snort-users mailing list
Snort-users () lists sourceforge net Go to this URL to change user options
or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>
list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest
Snort news!




--
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*




--
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*




--
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*




--
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*




--
Matt M., CISSP, GCFE, GCFA

*“*To disagree leads to study, to study leads to understanding, to
understand is to appreciate, to appreciate is to love. So maybe I’ll end up
loving your theory.*”* -*John Wheeler*

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Pulled Pork 404 Errors?, (continued)
- - - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Y M (Aug 29)
    - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)
    - Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)
    - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
    - Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)
- Re: Pulled Pork 404 Errors? Y M (Aug 29)