Snort mailing list archives
PulledPork Stopped Working
From: Keith Pachulski <keith.pachulski () healthnetworklabs com>
Date: Mon, 9 Jan 2017 18:59:24 +0000
Pulledpork was working fine for me until this latest snort update so looking for some advice on how to correct the error: $ ./pulledpork.pl -c /home/snort/pulledpork/etc/pulledpork.conf -I security -P -e /home/snort/pulledpork/etc/enablesid.conf -vv https://github.com/shirkdog/pulledpork _____ ____ `----,\ ) `--==\\ / PulledPork v0.7.3 - Making signature updates great again! `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2016 JJ Cummings @_/ / 66\_ cummingsj () gmail com | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Config File Variable Debug /home/snort/pulledpork/etc/pulledpork.conf sid_msg_version = 1 IPRVersion = /home/snort/rules/iplists ignore = deleted.rules,experimental.rules,local.rules snort_path = /usr/local/bin/snort temp_path = /tmp sorule_path = /usr/local/lib/snort_dynamicrules/ sid_msg = /home/snort/rules/etc/sid-msg.map local_rules = /home/snort/rules/local.rules rule_path = /home/snort/rules/snort.rules distro = Ubuntu-12-04 sid_changelog = /home/snort/rules/pullpork-sid_changes.log rule_url = ARRAY(0x1bf0a70) config_path = /home/snort/rules/snort.conf version = 0.7.3 black_list = /home/snort/rules/black_list.rules MISC (CLI and Autovar) Variable Debug: Process flag specified! arch Def is: x86-64 Operating System is: linux CA Certificate File is: OS Default Config Path is: /home/snort/pulledpork/etc/pulledpork.conf Distro Def is: Ubuntu-12-04 security policy specified local.rules path is: /home/snort/rules/local.rules Rules file is: /home/snort/rules/snort.rules Path to enablesid file: /home/snort/pulledpork/etc/enablesid.conf sid changes will be logged to: /home/snort/rules/pullpork-sid_changes.log sid-msg.map Output Path is: /home/snort/rules/etc/sid-msg.map Snort Version is: 2.9.9.0 Snort Config File: /home/snort/rules/snort.conf Snort Path is: /usr/local/bin/snort SO Output Path is: /usr/local/lib/snort_dynamicrules/ Will process SO rules Extra Verbose Flag is Set Verbose Flag is Set File(s) to ignore = deleted.rules,experimental.rules,local.rules Base URL is: https://www.snort.org/rules/|snortrules-snapshot.tar.gz| http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open Checking latest MD5 for snortrules-snapshot-2990.tar.gz.... Fetching md5sum for: snortrules-snapshot-2990.tar.gz.md5 ** GET https://www.snort.org/reg-rules/snortrules-snapshot-2990.tar.gz.md5/ ==> 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) (1s) Error 501 when fetching https://www.snort.org/rules/snortrules-snapshot-2990.tar.gz.md5 at /home/snort/pulledpork/pulledpork.pl line 534. main::md5file("", "snortrules-snapshot-2990.tar.gz", "/tmp/", "https://www.snort.org/rules/") called at /home/snort/pulledpork/pulledpork.pl line 2007 $ locate https.pm /usr/local/share/perl/5.22.1/LWP/Protocol/https.pm /usr/share/perl5/URI/https.pm This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication.
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- PulledPork Stopped Working Keith Pachulski (Jan 09)
- Re: PulledPork Stopped Working Joel Esler (jesler) (Jan 09)