Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

Suricata support #68

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Attempt to download ET rules for the Suricata platform

What is the expected output? What do you see instead?
The snort_version variable needs to allow for being set to "suricata" instead 
of a Snort version.

What version of the product are you using? On what operating system?
Pulledpork 0.5.0 on Linux

Please provide any additional information below.
Alternatively, an option to get a given static URL as the source would work as 
well.

Original issue reported on code.google.com by mchol...@gmail.com on 9 Mar 2011 at 3:35

GoogleCodeExporter commented 9 years ago
I will be adding this to the next version... probably next minor release

Original comment by Cummin...@gmail.com on 29 Mar 2011 at 7:34

GoogleCodeExporter commented 9 years ago
In pulledpork.pl 0.6.1, line 1749, changed from
$base_url .= "$oinkcode/snort-$Snortv/";
to
$base_url .= "$oinkcode/$Snortv/";
and it pulled it fine.

Original comment by michel....@gmail.com on 6 Apr 2011 at 8:05

GoogleCodeExporter commented 9 years ago
As long as you defined the snort_version=suricata in pulledpork.conf.

Original comment by michel....@gmail.com on 6 Apr 2011 at 8:11

GoogleCodeExporter commented 9 years ago
Bug Scrub - Enhancement

Original comment by Cummin...@gmail.com on 7 Jun 2011 at 4:04

GoogleCodeExporter commented 9 years ago
Is there an ETA for this issue?

Original comment by doug.bu...@gmail.com on 27 Nov 2011 at 10:56

GoogleCodeExporter commented 9 years ago
I'll look more into this, I know that I have heard that some people are using 
Suricata successfully.

Original comment by Cummin...@gmail.com on 28 Nov 2011 at 5:30

GoogleCodeExporter commented 9 years ago
This is how I patched pulledpork.pl version 0.6.1

Changed

1745             elsif ( $base_url =~ /emergingthreats.net/ ) {
1746                 $prefix = "ET-";
1747                 my $Snortv = $Snort;
1748                 $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;
1749                 $base_url .= "$oinkcode/snort-$Snortv/";
1750
1751                 #$Textonly = 1;
1752             }

To

1745             elsif ($base_url =~ /emergingthreats.net/) {
1746               if ($Snort =~ /(?<=\d\.\d\.\d)\.\d/) {
1747                  my $Snortv = $Snort;
1748                  $Snortv  =~ s/(?<=\d\.\d\.\d)\.\d//;
1749                  $base_url .= "$oinkcode/snort-$Snortv/";
1750               }
1751               elsif ($Snort =~ /suricata/i) {
1752                  $base_url .= "$oinkcode/$Snort/";
1753               }
1754             }

Original comment by magick...@gmail.com on 23 May 2012 at 5:49
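The path selection discussed in this thread, written as a stand-alone added example (not code from pulledpork or from any commenter). It goes a little beyond the patch above: it also accepts a three-part Snort version, which the patched condition would skip because it only matches when a fourth component is present, and it refuses any other value instead of interpolating it into the URL. `et_rule_path` is a hypothetical helper, `OINKCODE` is a constructed placeholder, and lower-casing "suricata" for the path is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: et_rule_path() is a hypothetical helper, not a pulledpork sub.
# It returns the path fragment that gets appended to the Emerging Threats
# base URL for a given snort_version setting.
sub et_rule_path {
    my ( $oinkcode, $snort_version ) = @_;

    # Suricata rules are requested without the "snort-" prefix.
    # Assumption: the path component is lower case, as in the issue report.
    return "$oinkcode/suricata/" if $snort_version =~ /\Asuricata\z/i;

    # Snort: accept x.y.z or x.y.z.w and drop the fourth component, which is
    # what the original substitution s/(?<=\d\.\d\.\d)\.\d// does for
    # single-digit components (multi-digit components are a generalization).
    if ( $snort_version =~ /\A(\d+\.\d+\.\d+)(?:\.\d+)?\z/ ) {
        return "$oinkcode/snort-$1/";
    }

    # Anything else would end up verbatim in the download URL, so stop here
    # rather than build a request from an unvalidated config value.
    die "unsupported snort_version '$snort_version'\n";
}

# Constructed sample settings, as they might appear in pulledpork.conf.
for my $v ( '2.9.0.5', '2.9.0', 'suricata', 'Suricata', '2.9' ) {
    my $path = eval { et_rule_path( 'OINKCODE', $v ) };
    my $err  = $@;
    chomp $err;
    printf "%-10s => %s\n", $v, defined $path ? $path : "rejected ($err)";
}
```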

GoogleCodeExporter commented 9 years ago

Original comment by Cummin...@gmail.com on 15 Nov 2012 at 6:56