Snort mailing list archives
Re: Pulled Pork 404 Errors?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 29 Aug 2014 22:11:31 +0000
Glad you got it all straightened out. -- Joel Esler Sent from my iPhone On Aug 29, 2014, at 18:03, "Matt M." <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: More good news! The 422 error was caused by an incorrect oinkcode, it's all better now. Thanks everyone! On Fri, Aug 29, 2014 at 4:56 PM, Matt M. <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: Good News! Joel was kind enough to point out my supreme intelligence... ;) I did not remove <> from my oinkcode section. However, now I'm running into 422 errors on the IP Blacklist download section. On Fri, Aug 29, 2014 at 4:44 PM, Matt M. <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: Here's my conf file line Y requested rule_url=http://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<http://www.snort.org/reg-rules/%7Csnortrules-snapshot.tar.gz%7C> Joel, you'll have an email in a sec. On Fri, Aug 29, 2014 at 4:39 PM, Joel Esler (jesler) <jesler () cisco com<mailto:jesler () cisco com>> wrote: Can you email me your oinkcode off list? We just verified everything is fine on the server side. On Aug 29, 2014, at 4:52 PM, Matt M. <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: Yeah, I've tried and still getting 422 errors. I tried using HTTP/HTTPS and /rules/ and /reg-rules/... all the same 422 error. I did add my oink code and tried regenerating it too. On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: ________________________________ Date: Fri, 29 Aug 2014 15:24:43 -0500 Subject: Re: [Snort-users] Pulled Pork 404 Errors? From: mr10001 () gmail com<mailto:mr10001 () gmail com> To: snort () outlook com<mailto:snort () outlook com> CC: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> That last error was my fault, wget did not work as expected. I replaced the pulledpork.conf file with what was on google code and I'm back to error 422 The old conf file was using "http" instead of "https". Ok, can you try regenerating you oinkcode, and test? You can do so by logging into snort.org<http://snort.org/>. If that also does not work, then it may be not from your end, just a guess. YM Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463. main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847 On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: When I try using the conf file that you linked from google code and run:sudo pulledpork.pl<http://pulledpork.pl/> -c /etc/pulledpork/pulledpork.conf I get an error: You are not using the current version of pulledpork.conf! Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!! On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001 () gmail com<mailto:mr10001 () gmail com>> wrote: Now I receive a 422 error: Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... Error 422 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463. main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847 On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: Date: Fri, 29 Aug 2014 15:08:08 -0500 Subject: Re: [Snort-users] Pulled Pork 404 Errors? From: mr10001 () gmail com<mailto:mr10001 () gmail com> To: snort () outlook com<mailto:snort () outlook com> CC: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> You bet: This is what I have... rule_url=http://www.snort.org/rules/|snortrules-snapshot.tar.gz|<http://www.snort.org/rules/%7csnortrules-snapshot.tar.gz%7c><oinkcode> Ok, I am not familiar with brew packages, but the URL above may be wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the original pulledpork.conf: https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf YM On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort () outlook com<mailto:snort () outlook com>> wrote: Date: Fri, 29 Aug 2014 14:37:46 -0500 From: mr10001 () gmail com<mailto:mr10001 () gmail com> To: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net> Subject: [Snort-users] Pulled Pork 404 Errors? Total Noob Here, I'm receiving the following error and cannot seem to figure out how to resolve it:
Checking latest MD5 for snortrules-snapshot-2962.tar.gz.... A 404 error occurred, please verify your filenames and urls for your tarball! Error 404 when fetching https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 463.
Can you post the "rule_url" from your pulledpork.conf? (without your oinkcode).
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at
/usr/local/bin/pulledpork.pl<http://pulledpork.pl/> line 1847
I'm on OSX and used brew to install snort and pulled pork v0.7.0. I've tried modifying both the pullpork.pl<http://pullpork.pl/> and conf file to adjust the url's by removing the ...org/reg-rules/ and change it to ...org/rules/ and even tried to remove the "S" from HTTPS in the url's as well. I'm I even in the right ballpark? Thanks for any assistance with this, -- M, CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters.http://tv.slashdot.org/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users> list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news! -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler -- Matt M., CISSP, GCFE, GCFA “To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Pulled Pork 404 Errors?, (continued)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Y M (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)
- Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Matt M. (Aug 29)
- Re: Pulled Pork 404 Errors? Joel Esler (jesler) (Aug 29)