Re: Extracting snortrules-2931.tar.gz

[Jeremy Hoel <jthoel () gmail com>]

The link he was using worked fine for me. I tested the get and got the
rules with no no problem.. with the link he had. His problem is not
related to a bad link.

The examples show that you need a file name
(http://snort.org/snort-rules/cli) and when you go to the page before,
the main download page (http://snort.org/snort-rules/?), it shows the
file names. They are not trying to make this overly confusing and
hard.. but it does require some effort and understanding on the
installers part. Or, you could sign in and grab them from the gui, or
use pullpork.  3 different methods to get the rules..

The examples are generic enough that they don't have to change
whenever the rule file changes.  Lets let the developers work on
keeping the software fixed and nor worry about the web page not having
the most specific instructions.


On Tue, Oct 9, 2012 at 7:12 PM, AllowOverride <allowoverride () gmail com> wrote:
> jer,
> i tried the preferred method displayed on oinkcode page.
> it doesnt work for sub/reg unless you know to put 2931. also, other
> methods of wget'ing the url according to docs are supposed to work but
> do not, unless know the exact file name, and thats not always easy to
> find on the ftp site, or by other methods.
>
> just a heads up, that kept me off task for a few days trying to figure
> it out.
>
> suggestion... fix the examples on the oinkcode page.
>
>
>
> On Tue, 2012-10-09 at 17:12 +0000, Jeremy Hoel wrote:
> > The answer is in the text file that you sent back.
> >
> > 2012-10-04 14:07:24 ERROR 403: Forbidden.
> >
> > so however you tried to get the file, it didn't work.  If you used
> > wget and an oink code then you need to check the code.
> >
> >
> > On Tue, Oct 9, 2012 at 4:59 PM, Akinwale Fasuru <fashman2k1 () yahoo com> wrote:
> > > Here is what i gath after running cat....
> > >
> > > --2012-10-04 14:07:23--  
> > > http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/3b6de1b425e1a20c6f85e705f3631bc958ad11db
> > > Resolving www.snort.org... 23.23.170.170
> > > Connecting to www.snort.org|23.23.170.170|:80... connected.
> > > HTTP request sent, awaiting response... 403 Forbidden
> > > 2012-10-04 14:07:24 ERROR 403: Forbidden.
> > >
> > >
> > > What do u think?
> > >
> > >
> > > --- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com> wrote:
> > >
> > > > From: Jeremy Hoel <jthoel () gmail com>
> > > > Subject: Re: [Snort-users] Extracting snortrules-2931.tar.gz
> > > > To: "Akinwale Fasuru" <fashman2k1 () yahoo com>
> > > > Cc: snort-users () lists sourceforge net
> > > > Date: Tuesday, October 9, 2012, 11:53 AM
> > > > to check the size of a file, go to
> > > > the directory where the file is and
> > > > run 'ls -al'.
> > > >
> > > > But since 'file' said it's text and not a tar.gz or zip
> > > > file, then
> > > > that's the problem.  Your download is not correct.
> > > >
> > > > go ahead and run 'cat snortrules-2931.tar.gz'
> > > >
> > > >
> > > >
> > > > On Tue, Oct 9, 2012 at 4:50 PM, Akinwale Fasuru <fashman2k1 () yahoo com>
> > > > wrote:
> > > > > I replied the email you sent earlier saying that i
> > > > didnt know how to check for te size of the file. But i did
> > > > rule the command u asked me here is the response
> > > > > snortrules-2931.tar.gz: ASCII text
> > > > >
> > > > >
> > > > > --- On Tue, 10/9/12, Jeremy Hoel <jthoel () gmail com>
> > > > wrote:
> > > > > > From: Jeremy Hoel <jthoel () gmail com>
> > > > > > Subject: Re: [Snort-users] Extracting
> > > > snortrules-2931.tar.gz
> > > > > > To: "Akinwale Fasuru" <fashman2k1 () yahoo com>
> > > > > > Cc: snort-users () lists sourceforge net
> > > > > > Date: Tuesday, October 9, 2012, 11:46 AM
> > > > > > You never got back to me about the
> > > > > > size of the file and if the file
> > > > > > was complete.
> > > > > >
> > > > > > the error makes it sound like it's not a tar.gz
> > > > file.
> > > > > > you need to very you got the whole file and that
> > > > it's not
> > > > > > just a text error.
> > > > > >
> > > > > > run 'file snortrules-2931.tar.gz' and see what it
> > > > says.
> > > > > > On Tue, Oct 9, 2012 at 4:29 PM, Akinwale Fasuru
> > > > <fashman2k1 () yahoo com>
> > > > > > wrote:
> > > > > > > Hello everyone,
> > > > > > >  I am still having problems extracting
> > > > > > snortrules-2931.tar.gz
> > > > > > > tar -xzvf snortrules-2931.tar.gz
> > > > > > > > I get this erro message
> > > > > > > >
> > > > > > > > zip: stdin: not in gzip format
> > > > > > > >
> > > > > > > > tar: Child returned status 1
> > > > > > > >
> > > > > > > > tar: Error is not recoverable: exiting
> > > > now
> > > > > > >
> > > > ------------------------------------------------------------------------------
> > > > > > > Don't let slow site performance ruin your
> > > > business.
> > > > > > Deploy New Relic APM
> > > > > > > Deploy New Relic app performance management
> > > > and know
> > > > > > exactly
> > > > > > > what is happening inside your Ruby, Python,
> > > > PHP, Java,
> > > > > > and .NET app
> > > > > > > Try New Relic at no cost today and get our
> > > > sweet Data
> > > > > > Nerd shirt too!
> > > > > > > http://p.sf.net/sfu/newrelic-dev2dev
> > > > _______________________________________________
> > > > > > > Snort-users mailing list
> > > > > > > Snort-users () lists sourceforge net
> > > > > > > Go to this URL to change user options or
> > > > unsubscribe:
> > > > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > > > Snort-users list archive:
> > > > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > > > >
> > > > > > > Please visit http://blog.snort.org to stay current on
> > > > > > all the latest Snort news!
> >
> > ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!