Re: pulledpork config two different error messages

[Y M <snort () outlook com>]

Most probably, you are getting the first error because you are requesting the "registered" ruleset. For that to work 
you need to specify the oinkcode in pulledpork.conf.

Just login to snort.org and generate an oinkcode. This should take care of the second error given that you revert the 
URL back to its original state.

Sent from Mobile
________________________________
From: Flo<mailto:Flo.Matuschek () web de>
Sent: ‎1/‎1/‎2015 4:14 PM
To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] pulledpork config two different error messages

Hi Forum Users,


my Problem is with Snort in the Version 2.9.7.0 and I this try to
Install this with:

Setup Guide: „Snort 2.9.6.2 on Ubuntu 12 LTS and 14 LTS“(from the Site:
www.snort.org <http://www.snort.org/>)

I'm about the Chapter 11 with the headline „Rulesets and a Snort Code“.


After editing the „/etc/snort/pulledpork.conf“ like the guide,I run
following command:
sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l


Now I get the error message:

Checking latest MD5 for snortrules -2970.tar.gz.....

Error 422 when fetching https://www.snort.org/
<https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5>reg-rules/snortrules-snapshot-2970.tar.gz.md5
<https://www.snort.org/reg-rules/snortrules-snapshot-2970.tar.gz.md5> at
/usr/local/bin/pulledpork.pl line 463

main::md5file('<XXX>', 'snortrules – snapshot-2970-tar.gz' ,' /tmp/' ,
'https://www.snort.org/reg-rules/&apos;) called at
/usr/local/bin/pulledpork.pl line 1847


Now I found following text more times:

„So, once it is working on the snort.org<http://snort.org/> website, the
new rule_url line should be as you specified below, with no |, ignoring
the rules specified?“

So I removed the Pipe- Symbols in the three lines with insert my <oinkcode>.

Then
the upper errormessage disappeared but a new come in additon:

„You need to define an oinkcode, please review the rule_url section of the
pulledpork config file! “at /usr/local/bin/pulledpork.pl line 1801.

What can I do now? My search hours are not sucessful.
Thanks!

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!