Closed sfscott closed 5 years ago
Really should think about making the oinkcode its own variable line instead of inline. As confusing as this may be for the end user, the logs on snort.org tell me it's very confusing for most people.
I would agree. Any idea what's going on with my downloads?
UPDATE: This was a misleading error. When I rebooted and cleared /tmp the error disappeared.
This resolved itself after a fresh reboot and /tmp was cleared. The error itself was misleading.
I have gotten pulled pork working but am experiencing the following error when I try to download both the rules update tar ball and the Community update tar balls.
The script grabs the Community oink code for both downloads and fails. Or if I use my oink code for both lines in the config, it downloads the rules update package twice and never downloads community. I've also tried removing the community oink code but it errs out and says I need an oink code.
Below are my configs for both scenarios:
Scenario 1 - Community oink code set to 'Community'
Config: rule_url=http://www.snort.org/downloads/registered/|snortrules-snapshot-29120.tar.gz|cexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
NEW Community ruleset:
rule_url=http://www.snort.org/downloads/community/|community-rules.tar.gz|Community
Result: Checking latest MD5 for snortrules-snapshot-29120.tar.gz.... They Match Done! Checking latest MD5 for snortrules-snapshot-29120.tar.gz.... Error downloading https://www.snort.org/rules/snortrules-snapshot-29120.tar.gz.md5?oinkcode=Community: 422 Unprocessable Entity [ 422 ]
Scenario 2 - Oink code used for both rules update and community Config rule_url=http://www.snort.org/downloads/registered/|snortrules-snapshot-29120.tar.gz|cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
NEW Community ruleset:
rule_url=http://www.snort.org/downloads/community/|community-rules.tar.gz|cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
Result Checking latest MD5 for snortrules-snapshot-29120.tar.gz.... They Match Done! Checking latest MD5 for snortrules-snapshot-29120.tar.gz.... They Match Done! IP Blacklist download of https://talosintelligence.com/documents/ip-blacklist.... Reading IP List...
Thanks for the assist!