Snort mailing list archives
Re: Error 422 with snortrules-snapshot-2972.tar.gz
From: Scott Link <linksg () slu edu>
Date: Mon, 8 Jun 2015 08:58:26 -0500
Figured it out. In pulledpork.conf, the line starting with rule_url= had a space between the last pipe and our oinkcode. Deleted the space, re-ran, success! Looking at the backup pulledpork.conf files, I see two consecutive days where the file was backed up. The code didn't change between the days and the only thing different is the addition of the space. Weird. So, got 422?: Try wget on the expected URL. If still 422, escalate to snort.org. If not 422, check pulledpork.conf for spurious rule_url entry. Cheers, Scott On Fri, May 29, 2015 at 8:19 AM, Scott Link <linksg () slu edu> wrote:
Joel, I have confirmed the oinkcode in pulledpork.conf matches what's in our account. When I first had this issue, I tried regenerating the code and updating pulledpork.conf and got the same result. Since then, I used wget to pull the ruleset and the file with the md5sum. I think that would also confirm I'm using a valid oinkcode. Thanks, Scott On Fri, May 29, 2015 at 8:07 AM, Joel Esler (jesler) <jesler () cisco com> wrote:Not sure what the issue is, I’m watching the logs on Snort.org right now, and thousands of people seem to not be having a problem. Is your oinkcode valid, no typos in it? -- *Joel Esler* Open Source Manager Threat Intelligence Team Lead Talos Group http://www.talosintel.com On May 29, 2015, at 7:49 AM, Scott Link <linksg () slu edu> wrote: In the meantime, I've applied the latest Security Onion updates. I had to restart nsm service to get everything back online after, but sostat is now reporting all is well. Retried rule-update and the error message is still there. Any additional information I can make a run at tracking down and providing? On Fri, May 22, 2015 at 6:51 PM, Joel Esler (jesler) <jesler () cisco com> wrote:We are going to look into this. However, everyone is pretty much out of the office until Tuesday. -- *Joel Esler* Sent from my iPhone On May 22, 2015, at 4:28 PM, Shirkdog <shirkdog () gmail com> wrote: On May 22, 2015 3:45 PM, "Scott Link" <linksg () slu edu> wrote:Hi, Getting the following error message: Running PulledPork. Error 422 when fetchinghttps://www.snort.org/reg-rules/snortrules-snapshot-2972.tar.gz.md5 at /usr/bin/pulledpork.pl line 463main::md5file(' <oinkcode redacted>','snortrules-snapshot-2972.tar.gz', '/tmp/', ' https://www.snort.org/reg-rules/') called at /usr/bin/pulledpork.pl line 1885http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.0 - Swine Flu! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2013 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Checking latest MD5 for snortrules-snapshot-2972.tar.gz.... Searching the archive seems to point to server-side issue. Needanything else? Try with Snort version 2.9.7.3 ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!-- Scott Link Manager, ITS Infrastructure Operations Security Saint Louis University www.slu.edu 314.977.9713-- Scott Link Manager, ITS Infrastructure Operations Security Saint Louis University www.slu.edu 314.977.9713
-- Scott Link Manager, ITS Infrastructure Operations Security Saint Louis University www.slu.edu 314.977.9713
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Error 422 with snortrules-snapshot-2972.tar.gz Scott Link (May 22)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Shirkdog (May 22)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (May 22)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Scott Link (May 29)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (May 29)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Scott Link (May 29)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Scott Link (Jun 08)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (Jun 08)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Andre DiMino (Jun 26)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Y M (Jun 26)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (Jun 26)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Andre DiMino (Jun 26)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (Jun 26)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Joel Esler (jesler) (May 22)
- Re: Error 422 with snortrules-snapshot-2972.tar.gz Shirkdog (May 22)