Snort mailing list archives

I'm so close I smell Bacon... little more help thanks!

From: PR <oly562 () gmail com>
Date: Fri, 14 Sep 2012 00:15:37 -0700

ok, i am loaded pulledpork.conf... oh and im still sorta waiting for the
info i asked earlier, but i think i have gotten past all that now... 

moving forward...


1. i ran this:

./pulledpork.pl -s /etc/snort/so_rules -p /usr/local/bin/snort
-C /etc/snort.conf -i /etc/snort/disablesid.conf
-b /etc/snort/dropsid.conf -e /etc/snort/enablesid.conf
-M /etc/snort/modifysid.conf -e /etc/snort/enablesid.conf
-c /etc/snort/pulledpork.conf -o /etc/snort/rules/


2. i got this:

Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
Use of uninitialized value $arch in regexp compilation
at ./pulledpork.pl line 271.
        Done!
~
~

Checking latest MD5 for emerging.rules.tar.gz....
        Error 500 when fetching
https://rules.emergingthreats.net/open/snort-2.9.3/emerging.rules.tar.gz.md5 at ./pulledpork.pl line 453.
        main::md5file('open', 'emerging.rules.tar.gz', '/tmp/',
'https://rules.emergingthreats.net/open/snort-2.9.3/&apos;) called
at ./pulledpork.pl line 1758



3. i checked pulledpork.pl - 271 first,,, 

elsif ( $filename =~ /^preproc_rules\/.*\.rules$/ ) {
            $singlefile =~ s/^preproc_rules\///;
            $tar->extract_file( $filename,
                $temp_path . "/tha_rules/$prefix" . $singlefile );
            print "\tExtracted: /tha_rules/$prefix$singlefile\n"
              if ( $Verbose && !$Quiet );
        }
here ???  elsif ($Sorules   <<<<
            && $filename =~
or here  ???
             /^so_rules\/precompiled\/($Distro)\/($arch)\/($Snort)\/.*
\.so/
            && -d $Sorules
            && !$Textonly )

line 271 is var $Sorules

i believe its complaining about precompiled, ill recheck to see if i
added ubuntu 10.04 anywhere, dont think so, and im running 12.04 which
is not listed yet in docs, however, let me check, if i didn't invoke
precompiled var in pulledpork.conf, where is my mistake?

thanks

------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

I'm so close I smell Bacon... little more help thanks! PR (Sep 15)
- Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
  - Re: I'm so close I smell Bacon... little more help thanks! JJC (Sep 15)
    - Re: I'm so close I smell Bacon... little more help thanks! James Lay (Sep 15)
    - Re: I'm so close I smell Bacon... little more help thanks! JJ Cummings (Sep 17)