PDA

View Full Version : [Solved] snort + oikmaster or pulledpork

graudeejs
July 31st, 2010, 12:27
Which one do you recommend?

I feel a bit confused about links to download rules from snort.org

should I use:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>
or
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<filename>/<oinkcode here>


# oinkmaster -o /usr/local/etc/snort/rules
Loading /usr/local/etc/oinkmaster.conf
Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860.tar.gz...
/usr/local/bin/oinkmaster: Error: could not download from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860.tar.gz. Output from wget follows:

http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2860.tar.gzResolving www.snort.org... 68.177.102.20
Connecting to www.snort.org|68.177.102.20|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://s3.amazonaws.com/snort.org/rules/20100701/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1280573919&Signature=RU6sre4X93ya%2FsvPjybGG9
pmHEY%3D [following]
--2010-07-31 13:58:09-- https://s3.amazonaws.com/snort.org/rules/20100701/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1280573919&Signature=RU6sre4X9
3ya%2FsvPjybGG9pmHEY%3D
Resolving s3.amazonaws.com... 72.21.211.164
Connecting to s3.amazonaws.com|72.21.211.164|:443... failed: Operation not permitted.
Retrying.

--2010-07-31 13:58:10-- (try: 2) https://s3.amazonaws.com/snort.org/rules/20100701/snortrules-snapshot-2860.tar.gz?AWSAccessKeyId=AKIAJJSHU7YNPLE5MKOQ&Expires=1280573919&Signature
=RU6sre4X93ya%2FsvPjybGG9pmHEY%3D
Connecting to s3.amazonaws.com|72.21.211.164|:443... failed: Operation not permitted.
Retrying.
graudeejs
July 31st, 2010, 19:17
uhh, finally I managed to download rules with oinkmaster :D
enhanced
March 22nd, 2011, 21:27
I realize that this thread is a little outdated, but I figure I would respond anyway (since I'm the creator of PulledPork) and of course thus I will put my shameless plug in for PulledPork.

Beyond that, I see output from oinkmaster, were you having issues downloading using PP also or?�e
graudeejs
March 23rd, 2011, 10:10
Beyond that, I see output from oinkmaster, were you having issues downloading using PP also or?�e

Not sure what you mean after PP
enhanced
March 23rd, 2011, 15:26
Was just saying that I know you were having issues downloading rulesets with oinkmaster, was wondering if you were also having issues using PP (Pulled Pork) ?
graudeejs
March 23rd, 2011, 15:30
Sorry, I don't remember....