Re: Problem with community rule set

[Terry John <Terry.John () completeautomotivesolutions co uk>]

I'm aware 2970 is EOL. I didn't understand why the same rule_url was asking for different versions but that's academic 
now. Because removing the 'www' did work. On both of them! So it's all good now. The working rule is:

rule_url=https://snort.org/downloads/community/|community-rules.tar.gz|Community

Your reference to the blog entry was correct. I'd found http://seclists.org/snort/2015/q4/150 in which the www is in 
the url. Can't see why it should make a difference but it did.

Thanks very much

Terry



From: Y M [mailto:snort () outlook com]
Sent: 03 November 2015 13:26
To: Terry John
Cc: snort-users
Subject: RE: [Snort-users] Problem with community rule set

I think you need to remove the "www". Check this blog post on Snort's blog for the current working URL: 
http://blog.snort.org/2015/10/are-you-getting-404-errors-attempting.html

For the second part of the question, do you have other rule_url variables defined in pulledpork.conf? I think the 2970 
is EOL: https://www.snort.org/eol

YM
_____________________________
From: Terry John <terry.john () completeautomotivesolutions co uk<mailto:terry.john () completeautomotivesolutions co 
uk>>
Sent: Tuesday, November 3, 2015 4:03 PM
Subject: RE: [Snort-users] Problem with community rule set
To: Y M <snort () outlook com<mailto:snort () outlook com>>, snort-users <snort-users () lists sourceforge 
net<mailto:snort-users () lists sourceforge net>>



I tried the recommended

rule_url=https://www.snort.org/downloads/community/|community-rules.tar.gz|Community

But on both servers it gave me a 422 error but on the bad server it was still looking for the 
snortrules-snapshot-2970.tar.gz file

Terry


From: Y M [mailto:snort () outlook com]
Sent: 03 November 2015 12:48
To: Terry John; snort-users
Subject: Re: [Snort-users] Problem with community rule set

The URLs and the difference between them that you are seeing is for the registered/subscribed rules.

Community ruleset tarball does not have version numbers.

YM


On Tue, Nov 3, 2015 at 4:20 AM -0800, "Terry John" <Terry.John () completeautomotivesolutions co uk<mailto:Terry.John 
() completeautomotivesolutions co uk>> wrote:
I have 2 servers with what I think are identical requests for pulled pork. I have cut and paste the same thing:

rule_url=https://www.snort.org/downloads/community/|community-rules.tar.gz|<oinkcode><https://www.snort.org/downloads/community/|community-rules.tar.gz|%3coinkcode%3e>

One correctly says:

Checking latest MD5 for snortrules-snapshot-2975.tar.gz....

The other says:

Checking latest MD5 for snortrules-snapshot-2970.tar.gz....

Which is no longer available so pulled pork fails

Can anyone tell me why?

Thanks

Terry



The Manheim group of companies within the UK comprises: Manheim Europe Limited (registered number: 
03183918<tel:03183918>), Manheim Auctions Limited (registered number: 00448761<tel:00448761>), Manheim Retail Services 
Limited (registered number: 02838588<tel:02838588>), Motors.co.uk<http://motors.co.uk> Limited (registered number: 
05975777<tel:05975777>), Real Time Communications Limited (registered number: 04277845<tel:04277845>) and Complete 
Automotive Solutions Limited (registered number: 05302535<tel:05302535>). Each of these companies is registered in 
England and Wales with the registered office address of Central House, Leeds Road, Rothwell, Leeds LS26 0JE. The 
Manheim group of companies operates under various brand/trading names including Manheim Inspection Services, Manheim 
Auctions, Manheim Direct, Manheim De-fleet and Manheim Aftersales Solutions.

V:0CF72C13B2AC



------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!