Re: Odp: PulledPork stopped updating and starts duplicate

[Shirkdog <shirkdog () gmail com>]

As Snort releases new versions, older signature sets are no longer
available.

We also need more information to help with your issue. Pulledpork looked
like it ran successfully.
On May 29, 2015 9:23 AM, "Robert Lasota" <wrkilu () wp pl> wrote:

> Dnia Piątek, 29 Maja 2015 09:50 Robert Lasota <wrkilu () wp pl> napisał(a)
>
> Hi,
>
>
> Did somebody meet with such strange case ? I mean, I had working
> Pulledpork, then I changed someting (but even I don't know what because I
> turned out later about that), and now duting run it doesn't display what it
> update/change in rules and laso it start diplicate rules! After every next
> run I get in rules directory thse same files with rules but with added the
> same rules as later :(
>
>
>
> ./pulledpork.pl -P -k -I security -c etc/pulledpork.conf
>
>     http://code.google.com/p/pulledpork/
>       _____ ____
>      `----,\    )
>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>        `--==\\/
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>   @_/        /  66\_  cummingsj () gmail com
>     |    \   \   _(")
>      \   /-| ||'--'  Rules give me wings!
>       \_\  \_\\
>  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>         They Match
>         Done!
> Prepping rules from snortrules-snapshot-2962.tar.gz for work....
>         Done!
> Reading rules...
> Reading rules...
> Activating security rulesets....
>         Done
> Modifying Sids....
>         Done!
> Processing /tmp/pulledpork-0.7.0/etc/enablesid.conf....
>         Modified 0 rules
>         Done
> Processing /tmp/pulledpork-0.7.0/etc/dropsid.conf....
>         Modified 0 rules
>         Done
> Processing /tmp/pulledpork-0.7.0/etc/disablesid.conf....
>         Modified 0 rules
>         Done
> Setting Flowbit State....
>         Enabled 777 flowbits
>         Enabled 25 flowbits
>         Enabled 4 flowbits
>         Enabled 2 flowbits
>         Done
> Writing rules to unique destination files....
>         Writing rules to /tmp/rules/
>         Done
> Generating sid-msg.map....
>         Done
> Writing v1 /tmp/sid-msg.map....
>         Done
> Fly Piggy Fly!
> [root@FIREGATE pulledpork-0.7.0]
>
>
>
> What is going on ?
>
> Robert
>
>
>
>
>
> I noticed also, it doesn't actualize (during working)
> /var/log/sid_changes.log, what the hell ?? I've being sitting on it from
> morning and nothing... still I can't find the reason :(
>
>
>
> Robert
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!