<!DOCTYPE html PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<style>BODY{font:10pt Tahoma,Verdana,sans-serif} .MsoNormal{line-height:120%;margin:0}</style></head><body>
PulledPork is what I thought of trying now.  Just trying to find the best instructions.<br><br>Thanks.<br><br>Leonard Jacobs<br><blockquote style="padding-left: 5px; margin-left: 5px; border-left: #0000ff 2px solid; margin-right: 0px"><hr><b>From:</b> Joel Esler (jesler) [mailto:jesler@cisco.com]<br><b>To:</b> Jason Williams [mailto:jwilliams@emergingthreats.net]<br><b>Cc:</b> Leonard Jacobs [mailto:ljacobs@netsecuris.com], oisf-users@openinfosecfoundation.org [mailto:oisf-users@openinfosecfoundation.org], Emerging Sigs [mailto:emerging-sigs@emergingthreats.net]<br><b>Sent:</b> Thu, 05 Nov 2015 06:46:09 -0600<br><b>Subject:</b> Re: [Emerging-Sigs] [Oisf-users] Having Problem with Oinkmaster        updating signatures<br><br>




May I suggest that this would be a good opportunity to ditch Oinkmaster (which probably hasn’t been updated in at least 8 years) and switch to pulledpork?
<div class=""><br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
--</div>
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
<b class="">Joel Esler</b></div>
<div style="margin: 0px; line-height: normal; font-family: 'Lucida Grande';" class="">
Manager, Talos Group</div>
<div style="margin: 0px; line-height: normal; font-family: 'Helvetica Neue';" class="">
<br class="">
</div>
</div>
</div>
<br class="Apple-interchange-newline">
<br class="Apple-interchange-newline">
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Nov 4, 2015, at 8:01 PM, Jason Williams <<a href="mailto:jwilliams@emergingthreats.net" class="">jwilliams@emergingthreats.net</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Leonard,
<div class=""><br class="">
</div>
<div class="">That is strange. I believe oinkmaster mentions snortrules.tar.gz in the error as it temporarily renames the download to that during processing. </div>
<div class=""><br class="">
</div>
<div class="">
<div class=""><i class="">my $OUTFILE            = 'snortrules.tar.gz';</i></div>
</div>
<div class=""><br class="">
</div>
<div class="">I tried to replicate the error on a few different setups and could not see an issue. If you'd like to send the conf file off list, i can take a look.</div>
<div class=""><br class="">
</div>
<div class="">Regards,</div>
<div class=""><br class="">
</div>
<div class="">Jason</div>
</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Wed, Nov 4, 2015 at 6:18 PM, Leonard Jacobs <span class="">
<<a href="mailto:ljacobs@netsecuris.com" class="">ljacobs@netsecuris.com</a>></span> wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u class=""></u>
<div class="">I am having the following problem with Oinkmaster only on one installation.  See the following error message.<br class="">
<br class="">
Downloading file from <a href="http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz.." class="">
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz..</a>. done.<br class="">
<br class="">
gzip: /tmp/oinkmaster.CJK4MPEc0t/url.X5GLRSvTRk/snortrules.tar.gz: not in gzip format<br class="">
<br class="">
/usr/sbin/oinkmaster: Error: <a href="http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" class="">
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz</a>: integrity check on gzip file failed (file transfer failed or file in URL not in gzip format?).<br class="">
<br class="">
Oink, oink. Exiting...<br class="">
<br class="">
I have tried everything I can think of to solve this problem.  I am not having this problem on any other installations.  I am confused on why the error mentions snortrules.  I checked the oinkmaster.conf and cannot see a problem.  I even tried downloading the
 update file and placing it in the conf file but running oinkmaster still fails.<br class="">
<br class="">
Thanks.<span class="HOEnZb"><font class="" color="#888888"><br class="">
<br class="">
Leonard Jacobs
<div class="">
<div class=""><a class="">Call</a></div>
<div class=""><a class="">Send SMS</a></div>
<div class=""><a class="">Call from mobile</a></div>
<div class=""><a class="">Add to Skype</a></div>
<div class=""><span class="">You'll need Skype Credit</span><span class="">Free via Skype</span></div>
</div>
</font></span></div>
<br class="">
_______________________________________________<br class="">
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" class="">
oisf-users@openinfosecfoundation.org</a><br class="">
Site: <a href="http://suricata-ids.org/" class="">
http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" class="">
http://suricata-ids.org/support/</a><br class="">
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" class="">
https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br class="">
Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net/" class="">
http://oisfevents.net</a><br class="">
</blockquote>
</div>
<br class="">
</div>
_______________________________________________<br class="">
Emerging-sigs mailing list<br class="">
<a href="mailto:Emerging-sigs@lists.emergingthreats.net" class="">Emerging-sigs@lists.emergingthreats.net</a><br class="">
<a href="https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs" target="_blank">https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs</a><br class="">
<br class="">
Support Emerging Threats! Subscribe to Emerging Threats Pro <a href="http://www.emergingthreats.net" target="_blank">http://www.emergingthreats.net</a><br class="">
<br class="">
</div>
</blockquote>
</div>
<br class="">
</div>


</blockquote><style>
 * {word-wrap:break-word;-webkit-nbsp-mode:space;-webkit-line-break:after-white-space;}
</style>
<div data-uilang="en" data-uiid="1" data-p2murl="https://c2c-p2m-secure.skype.com/p2m/v1/push" data-murl="https://pipe.skype.com/Client/2.0/" data-fp="{8281629C-F255-493D-9A19-77D959A33E87}" onmouseout="SkypeClick2Call.MenuInjectionHandler.hideMenu(this, event)" onmouseover="SkypeClick2Call.MenuInjectionHandler.showMenu(this, event)" style="display: none;" id="skype_c2c_menu_container" class="skype_c2c_menu_container notranslate"><div class="skype_c2c_menu_click2call"><a target="_self" id="skype_c2c_menu_click2call_action" class="skype_c2c_menu_click2call_action">Call</a></div><div class="skype_c2c_menu_click2sms"><a target="_self" id="skype_c2c_menu_click2sms_action" class="skype_c2c_menu_click2sms_action">Send SMS</a></div><div class="skype_c2c_menu_push_to_mobile"><a target="_blank" id="skype_c2c_menu_push_to_mobile_action" class="skype_c2c_menu_push_to_mobile_action">Call from mobile</a></div><div class="skype_c2c_menu_add2skype"><a target="_self" id="skype_c2c_menu_add2skype_text" class="skype_c2c_menu_add2skype_text">Add to Skype</a></div><div class="skype_c2c_menu_toll_info"><span class="skype_c2c_menu_toll_callcredit">You'll need Skype Credit</span><span class="skype_c2c_menu_toll_free">Free via Skype</span></div></div></body></html>