Unable to process shared object rules for a previous version of snort3 #361

Open
da667 opened this issue Apr 14, 2021 · 2 comments

Comments

@da667

da667 commented Apr 14, 2021

Hey Hey, Swine people.

I'm having a problem with pulledpork, and pulling down rules for snort 3.

I'm using the latest release of snort on github (3.1.3.0)

I discovered quickly that there is not a snortrules-snapshot for version 3.1.3.0 available via snort.org.

So I suppose my first question/problem is:

Are "releases" on github.com for snort 3 considered "stable"?
Should they be used in a production environment?

If so, that there aren't any snortrules-snapshots available for them is problematic.
If not, problem solved, I'll just download the version of snort3 specified on snort.org.

That brings me to my primary issue: if I run pulledpork.pl with the "-S" argument to specify a previous version of snort3 (e.g. -S 3.1.0.0) in order to download rules, it expects there to be a snort.conf file.

Here is my pulledpork.conf:

rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|**redacted**
rule_url=https://snort.org/downloads/ip-block-list|IPBLOCKLIST|open
ignore=deleted.rules,experimental.rules,local.rules
temp_path=/tmp
rule_path=/usr/local/etc/rules/snort.rules
local_rules=/usr/local/etc/rules/local.rules
sid_msg=/usr/local/etc/snort/sid-msg.map
sid_msg_version=2
sid_changelog=/var/log/sid_changes.log
sorule_path=/usr/local/etc/so_rules/
snort_path=/usr/local/bin/snort
**config_path=/usr/local/etc/snort/snort.conf**
distro=Ubuntu-18-4
block_list=/usr/local/etc/lists/default.blocklist
IPRVersion=/usr/local/etc/lists
snort_control=/usr/local/bin/snort_control
pid_path=/var/log/snort/snort.pid
ips_policy=security
version=0.8.0

Here are the arguments that I run for pulledpork.pl:

pulledpork.pl -W -vv -c /usr/local/etc/pulledpork/pulledpork.conf -S 3.1.0.0 -l -P -E

Here is the error I get from the verbose output:

Snort 3.0 detected, future Snort 3.0 processing
Generating Stub Rules....
Something failed in the gen_stubs sub, please verify your shared object config!

ERROR: The file that you specified: /usr/local/etc/snort/snort.conf does not exist! Please verify your configuration.

"Why don't you get rid of the config_path argument, then?"

Here's what happens when I remove the config_path option from my pulledpork.conf file:

Snort 3.0 detected, future Snort 3.0 processing
Generating Stub Rules....
Use of uninitialized value $Snort_config in -f at /usr/local/bin/pulledpork.pl line 821.
Something failed in the gen_stubs sub, please verify your shared object config!
Use of uninitialized value $Snort_config in -f at /usr/local/bin/pulledpork.pl line 856.
Use of uninitialized value $Snort_config in concatenation (.) or string at /usr/local/bin/pulledpork.pl line 857.

ERROR: The file that you specified:  does not exist! Please verify your configuration.

Note: I was able to get pulledpork to work by adding in the -T (text-only rules) option:

pulledpork.pl -W -vv -c /usr/local/etc/pulledpork/pulledpork.conf -S 3.1.0.0 -l -P -E -T

My problem with that is that it means I don't get any SO rules. That's somewhat annoying.

@shirkdog
Owner

This does share some of the issues with issue #356 but will keep it open until I work through it.

@redbaron4
Contributor

redbaron4 commented Jul 8, 2021

This is more in line with #359 and even that can now be closed as #363 has now merged.

But the problem I see here is that with Snort3 there is no snort.conf. Configuration for snort3 is done via lua and stored at snort.lua.
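A preflight check for the situation described in the original report and in the comment above, written here as an added example (it is not pulledpork's own code and not from the issue). It parses a pulledpork.conf, and when the target is Snort 3 and -T is not in use, it reports the two failures shown in the verbose output (config_path unset, so $Snort_config is uninitialized; config_path pointing at a file that does not exist) and flags a config_path named snort.conf, since Snort 3 is configured through snort.lua. Only the key=value syntax of pulledpork.conf is assumed; the sample configuration is constructed from the one in the report, and the function names, the snort_path existence check and the `exists` parameter are this example's own.

```python
"""Preflight check for a pulledpork.conf that will be used with Snort 3.

Added example, not part of pulledpork or the issue. It catches, before
pulledpork.pl runs, the two failure modes shown in the report:
  * config_path unset -> "Use of uninitialized value $Snort_config"
  * config_path set to a file that does not exist -> "The file that you
    specified: ... does not exist!"
and flags a config_path named snort.conf, since Snort 3 reads snort.lua.
"""
import os
import re
import sys

# Constructed sample modelled on the pulledpork.conf from the issue
# (paths are placeholders, the oinkcode is redacted).
SAMPLE_CONF = """\
# pulledpork.conf (constructed sample)
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|**redacted**
rule_url=https://snort.org/downloads/ip-block-list|IPBLOCKLIST|open
ignore=deleted.rules,experimental.rules,local.rules
sorule_path=/usr/local/etc/so_rules/
snort_path=/usr/local/bin/snort
config_path=/usr/local/etc/snort/snort.conf
version=0.8.0
"""


def parse_conf(text):
    """Parse pulledpork's key=value lines into {key: [values]}.

    Blank lines and '#' comments are skipped; repeated keys such as
    rule_url keep every value, in file order.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def is_snort3(version):
    """True when the -S value names Snort 3 (major version 3 or above)."""
    m = re.match(r"(\d+)", version or "")
    return m is not None and int(m.group(1)) >= 3


def check_conf(conf, snort_version, text_only=False, exists=os.path.exists):
    """Return the problems that would break SO stub generation (gen_stubs).

    `exists` is injectable so the check can run without the real files.
    Nothing is reported with -T (text-only rules) or for a Snort 2 version,
    because the SO stub path is not taken in those cases.
    """
    problems = []
    if text_only or not is_snort3(snort_version):
        return problems

    config_path = conf.get("config_path", [None])[0]
    if not config_path:
        problems.append("config_path is unset; gen_stubs would see an "
                        "uninitialized $Snort_config")
    else:
        if not exists(config_path):
            problems.append(f"config_path {config_path} does not exist")
        if os.path.basename(config_path) == "snort.conf":
            problems.append("config_path names snort.conf, but Snort 3 is "
                            "configured by snort.lua")

    # Extra check, an assumption of this example: stub generation needs the
    # snort binary named by snort_path to be present.
    snort_path = conf.get("snort_path", [None])[0]
    if snort_path and not exists(snort_path):
        problems.append(f"snort_path {snort_path} does not exist")
    return problems


def main(argv):
    """Usage: preflight.py [pulledpork.conf] [-S version] [-T]

    Without a file argument the constructed sample above is checked.
    """
    text_only = "-T" in argv
    version = argv[argv.index("-S") + 1] if "-S" in argv else "3.1.0.0"
    files = [a for a in argv[1:] if not a.startswith("-") and a != version]
    text = open(files[0]).read() if files else SAMPLE_CONF
    problems = check_conf(parse_conf(text), version, text_only)
    for p in problems:
        print("PROBLEM:", p)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the sample on a host without Snort installed it reports three problems (missing snort.conf, the snort.conf name itself, and a missing snort binary); with -T it reports nothing, matching the workaround in the report.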
