Snort mailing list archives
Re: Odp: PulledPork stopped updating and starts duplicate
From: Shirkdog <shirkdog () gmail com>
Date: Fri, 29 May 2015 09:25:26 -0400
As Snort releases new versions, older signature sets are no longer available. We also need more information to help with your issue. Pulledpork looked like it ran successfully. On May 29, 2015 9:23 AM, "Robert Lasota" <wrkilu () wp pl> wrote:
Dnia Piątek, 29 Maja 2015 09:50 Robert Lasota <wrkilu () wp pl> napisał(a) Hi, Did somebody meet with such strange case ? I mean, I had working Pulledpork, then I changed someting (but even I don't know what because I turned out later about that), and now duting run it doesn't display what it update/change in rules and laso it start diplicate rules! After every next run I get in rules directory thse same files with rules but with added the same rules as later :( ./pulledpork.pl -P -k -I security -c etc/pulledpork.conf http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.0 - Swine Flu! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2013 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... They Match Done! Prepping rules from snortrules-snapshot-2962.tar.gz for work.... Done! Reading rules... Reading rules... Activating security rulesets.... Done Modifying Sids.... Done! Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf.... Modified 0 rules Done Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf.... Modified 0 rules Done Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf.... Modified 0 rules Done Setting Flowbit State.... Enabled 777 flowbits Enabled 25 flowbits Enabled 4 flowbits Enabled 2 flowbits Done Writing rules to unique destination files.... Writing rules to /tmp/rules/ Done Generating sid-msg.map.... Done Writing v1 /tmp/sid-msg.map.... Done Fly Piggy Fly! [root@FIREGATE pulledpork-0.7.0] What is going on ? Robert I noticed also, it doesn't actualize (during working) /var/log/sid_changes.log, what the hell ?? I've being sitting on it from morning and nothing... still I can't find the reason :( Robert ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Odp: PulledPork stopped updating and starts duplicate Robert Lasota (May 29)
- Re: Odp: PulledPork stopped updating and starts duplicate Shirkdog (May 29)
- Re: PulledPork stopped updating and starts duplicate Joel Esler (jesler) (May 29)
- Re: Odp: PulledPork stopped updating and starts duplicate Shirkdog (May 29)