<div dir="auto">Check the README, you need to set the Snort version to suricata-3.2.0<div dir="auto"><br></div><div dir="auto">You can do this in the pulledpork config (setting the following)</div><div dir="auto"><br></div><div dir="auto">snort_version=suricata-3.2.0</div><div dir="auto"><br></div><div dir="auto">Or you can use the following on the command line with</div><div dir="auto"><br></div><div dir="auto">-S suricata-3.2.0</div><div dir="auto"><br><span style="font-family:sans-serif">If this does not work, please log an issue on github for this so it gets taken care of.</span><br style="font-family:sans-serif"></div><div dir="auto"><span style="font-family:sans-serif"><br></span></div><div dir="auto">I will soon add a fix to use the enhanced Suricata rules for the open/pro sets.</div><div dir="auto"><br></div><div dir="auto"><div data-smartmail="gmail_signature" dir="auto">--<br>Michael Shirk<br>Daemon Security, Inc.<br><a href="http://www.daemon-security.com">http://www.daemon-security.com</a></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Dec 16, 2016 12:00 PM, "James Moe" <<a href="mailto:jimoe@sohnen-moe.com">jimoe@sohnen-moe.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
suricata 3.2<br>
pullpedpork 0.7.3<br>
linux 4.4.36-8-default x86_64<br>
<br>
I have been attempting to replace oinkmaster with pulledpork, without<br>
success. Apparently PP is designed specifically for snort.<br>
Below is the output from PP. It fetched the rules archive, did<br>
something, complained a bit, and provided no output, changing nothing.<br>
Can anyone suggest what specific changes to the PP config file work<br>
for Suricata?<br>
<br>
<br>
Use of uninitialized value $Snort_path in -B at<br>
/usr/local/bin/<a href="http://pulledpork.pl" rel="noreferrer" target="_blank">pulledpork.pl</a> line 1773.<br>
Use of uninitialized value $Snort in pattern match (m//) at<br>
/usr/local/bin/<a href="http://pulledpork.pl" rel="noreferrer" target="_blank">pulledpork.pl</a> line 1982.<br>
Use of uninitialized value $Snort in pattern match (m//) at<br>
/usr/local/bin/<a href="http://pulledpork.pl" rel="noreferrer" target="_blank">pulledpork.pl</a> line 1986.<br>
Checking latest MD5 for emerging.rules.tar.gz....<br>
They Match<br>
Done!<br>
Fly Piggy Fly!<br>
<br>
<br>
--<br>
James Moe<br>
moe dot james at sohnen-moe dot com<br>
<a href="tel:520.743.3936" value="+15207433936">520.743.3936</a><br>
Think.<br>
<br>
<br>______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br></blockquote></div></div>