Snort mailing list archives
Re: Using PP
From: John York <YorkJ () brcc edu>
Date: Thu, 13 Sep 2012 15:04:09 +0000
You are missing some perl modules. If you are using Ubuntu, the quickest way to get them is this: sudo apt-get install libssl-dev libcrypt-ssleay-perl libio-all-lwp-perl Otherwise you can test your Fu with CPAN. See the part in http://code.google.com/p/pulledpork/wiki/FAQ about LWP::Simple Thanks John From: Pratik Narang [mailto:pratik.cse.bits () gmail com] Sent: Thursday, September 13, 2012 5:15 AM To: Heine Lysemose Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Using PP With 'sudo', it says: sudo /usr/local/bin/pulledpork.pl<http://pulledpork.pl> -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security Can't locate Crypt/SSLeay.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 28. BEGIN failed--compilation aborted at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 28. On Thu, Sep 13, 2012 at 1:46 PM, Heine Lysemose <lysemose () gmail com<mailto:lysemose () gmail com>> wrote: Hi Try running the command with sudo. sudo /usr/local/bin/pulledpork.pl<http://pulledpork.pl> -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security /Lysemose On Thu, Sep 13, 2012 at 9:11 AM, Pratik Narang <pratik.cse.bits () gmail com<mailto:pratik.cse.bits () gmail com>> wrote:
Well on the advice of few Snort experts on the list I decided to start using Pulled Pork. But I couldn't really make it run yet! Here's the dump from the console. Any help will be appreciated... $ /usr/local/bin/pulledpork.pl<http://pulledpork.pl> -c /usr/local/snort/etc/pulledpork/pulledpork.conf -C /usr/local/snort/etc/snort.conf -I security http://code.google.com/p/pulledpork/ _____ ____ `----,\ ) `--==\\ / PulledPork v0.6.1 the Smoking Pig <////~ `--==\\/ .-~~~~-.Y|\\_ Copyright (C) 2009-2011 JJ Cummings @_/ / 66\_ cummingsj () gmail com<mailto:cummingsj () gmail com> | \ \ _(") \ /-| ||'--' Rules give me wings! \_\ \_\\ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Can't create /usr/local/snort/etc/pulledpork/so_rules.rules - Permission denied at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 1548 readline() on closed filehandle FH at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 1327. Checking latest MD5 for snortrules-snapshot-2931.tar.gz.... No such file or directory at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 457 main::md5file('c475af39408e0e7ad0f4f6d961543b1e7b989c3b', 'snortrules-snapshot-2931.tar.gz', '/usr/local/snort/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl> line 1758 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Using PP Pratik Narang (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP Peter Bates (Sep 13)
- Re: Using PP Pratik Narang (Sep 13)
- Re: Using PP John York (Sep 13)
- Re: Using PP Michael Steele (Sep 13)
- Re: Using PP Heine Lysemose (Sep 13)