Snort mailing list archives

Re: Fwd: Re: Snort IP blacklist issue (Pulledprok)


From: "Nicolas Lepolard" <Nicolas.Lepolard () ejco com>
Date: Fri, 5 Feb 2016 09:19:26 +0100

Ok guys, thank you for your reply.
I have changed the directory "/opt/snort/tmp" to "/tmp" but I still have 
the same issue ... As I have mentioned, it doesn't work with "/tmp".
I don't know what I can do now...

Nicolas



From:    Shirkdog <shirkdog () gmail com>
To:      wkitty42 () windstream net
Cc:      snort-users mailinglist <snort-users () lists sourceforge net>
Date:    04/02/2016 18:49
Subject: Re: [Snort-users] Fwd: Re:  Snort IP blacklist issue (Pulledprok)



Right, pulledpork can make the reasonable assumption that /tmp exists on a 
UNIX-like operating system :)
On Feb 4, 2016 12:26 PM, <wkitty42 () windstream net> wrote:


did you miss Nicolas' earlier post (below)... line 61 is one of those he 
changed ;)

-------- Forwarded Message --------
Subject:        Re: [Snort-users] Snort IP blacklist issue (Pulledprok)
Date:   Thu, 4 Feb 2016 10:40:29 +0100
From:   Nicolas Lepolard <Nicolas.Lepolard () ejco com>
To:     Shirkdog <shirkdog () gmail com>
CC:     snort-users () lists sourceforge net



Hi,

Thank you for your reply !

I have checked and I think my config is OK. Here are the variables that I 
have modified in my pulledpork.conf file:

Line 19        rule_url=https://www.snort.org/reg_rules/|snortrules-snapshot.tar.gz|<my oinkcode>
Line 26        rule_url=https://www.snort.org/reg-rules/|opensource.gz|<my oinkcode>
Line 61        temp_path=/opt/snort/tmp (I have changed the path cause it
               didn't work with /tmp, the permissions are OK)
Line 74        rule_path=/etc/snort/rules/snort.rules
Line 89        local_rules=/etc/snort/rules/local.rules
Line 92        sid_msg=/etc/snort/sid-msg.map
Line 96        sid_msg_version=2
Line 119       config_path=/etc/snort/snort.conf
Line 133       distro=Debian-6.0
Line 141       black_list=/etc/snort/rules/iplists/black_list.rules
Line 150       IPRVersion=/etc/snort/rules/iplists

Thanks for your help.

Best regards

Nicolas
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort 
news!


