It's has to be in the URL then. Please post the rule_url again.

YM

Sent from Mobile

From: Matt M.
Sent: ‎8/‎29/‎2014 11:52 PM
To: Y M
Cc: snort-users
Subject: Re: [Snort-users] Pulled Pork 404 Errors?

Yeah, I've tried and still getting 422 errors.  I tried using HTTP/HTTPS and /rules/ and /reg-rules/... all the same 422 error.  I did add my oink code and tried regenerating it too.


On Fri, Aug 29, 2014 at 3:29 PM, Y M <snort@outlook.com> wrote:



Date: Fri, 29 Aug 2014 15:24:43 -0500

Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001@gmail.com
To: snort@outlook.com
CC: snort-users@lists.sourceforge.net

That last error was my fault, wget did not work as expected.  I replaced the pulledpork.conf file with what was on google code and I'm back to error 422

The old conf file was using "http" instead of "https".  Ok, can you try regenerating you oinkcode, and test? You can do so by logging into snort.org. If that also does not work, then it may be not from your end, just a guess.

YM


Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Error 422 when fetching https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847


On Fri, Aug 29, 2014 at 3:19 PM, Matt M. <mr10001@gmail.com> wrote:
When I try using the conf file that you linked from google code and run:sudo pulledpork.pl -c /etc/pulledpork/pulledpork.conf
I get an error:
You are not using the current version of pulledpork.conf!

Please use the version that shipped with PulledPork v0.7.0 - Swine Flu!!


On Fri, Aug 29, 2014 at 3:14 PM, Matt M. <mr10001@gmail.com> wrote:
Now I receive a 422 error:

Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Error 422 when fetching http://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.
main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'http://www.snort.org/reg-rules/') called at /usr/local/bin/pulledpork.pl line 1847


On Fri, Aug 29, 2014 at 3:11 PM, Y M <snort@outlook.com> wrote:
Date: Fri, 29 Aug 2014 15:08:08 -0500
Subject: Re: [Snort-users] Pulled Pork 404 Errors?
From: mr10001@gmail.com
To: snort@outlook.com
CC: snort-users@lists.sourceforge.net

You bet:

This is what I have...



Ok, I am not familiar with brew packages, but the URL above may be wrong. Replace the "/rules/" with "/reg-rules/" and try again. From the original pulledpork.conf: https://code.google.com/p/pulledpork/source/browse/trunk/etc/pulledpork.conf

YM


On Fri, Aug 29, 2014 at 3:05 PM, Y M <snort@outlook.com> wrote:
Date: Fri, 29 Aug 2014 14:37:46 -0500
From: mr10001@gmail.com
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Pulled Pork 404 Errors?

Total Noob Here,

I'm receiving the following error and cannot seem to figure out how to resolve it:
>Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
>A 404 error occurred, please verify your filenames and urls for your tarball!
>Error 404 when fetching https://www.snort.org/rules/snortrules-snapshot-2962.tar.gz.md5 at /usr/local/bin/pulledpork.pl line 463.


Can you post the "rule_url" from your pulledpork.conf? (without your oinkcode).



>main::md5file('<oinkcode>', 'snortrules-snapshot-2962.tar.gz', '/tmp/', 'https://www.snort.org/rules/') called at /usr/local/bin/pulledpork.pl line 1847


I'm on OSX and used brew to install snort and pulled pork v0.7.0.  I've tried modifying both the pullpork.pl and conf file to adjust the url's by removing the ...org/reg-rules/ and change it to ...org/rules/ and even tried to remove the "S" from HTTPS in the url's as well.
I'm I even in the right ballpark?
Thanks for any assistance with this,

--
M, CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler

------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!



--
Matt M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler



--
Matt M., CISSP, GCFE, GCFA

To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory. -John Wheeler