[Oisf-users] [Emerging-Sigs] Having Problem with Oinkmaster updating signatures

Leonard Jacobs ljacobs at netsecuris.com
Thu Nov 5 14:03:15 UTC 2015 

PulledPork is what I thought of trying now.  Just trying to find the best instructions.

Thanks.

Leonard Jacobs
  _____  

From: Joel Esler (jesler) [mailto:jesler at cisco.com]
To: Jason Williams [mailto:jwilliams at emergingthreats.net]
Cc: Leonard Jacobs [mailto:ljacobs at netsecuris.com], oisf-users at openinfosecfoundation.org [mailto:oisf-users at openinfosecfoundation.org], Emerging Sigs [mailto:emerging-sigs at emergingthreats.net]
Sent: Thu, 05 Nov 2015 06:46:09 -0600
Subject: Re: [Emerging-Sigs] [Oisf-users] Having Problem with Oinkmaster updating signatures

          May I suggest that this would be a good opportunity to ditch Oinkmaster (which probably hasn’t been updated in at least 8 years) and switch to pulledpork?  

  
  
  
  
  --  
  Joel Esler  
  Manager, Talos Group  
  
        
  
    
  
    
On Nov 4, 2015, at 8:01 PM, Jason Williams <jwilliams at emergingthreats.net> wrote:  
  
  
Leonard,  

    
That is strange. I believe oinkmaster mentions snortrules.tar.gz in the error as it temporarily renames the download to that during processing.   

    
  
my $OUTFILE            = 'snortrules.tar.gz';    

    
I tried to replicate the error on a few different setups and could not see an issue. If you'd like to send the conf file off list, i can take a look.  

    
Regards,  

    
Jason    

  
On Wed, Nov 4, 2015 at 6:18 PM, Leonard Jacobs   <ljacobs at netsecuris.com> wrote:
      
I am having the following problem with Oinkmaster only on one installation.  See the following error message.
  
  Downloading file from   http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz... done.
  
  gzip: /tmp/oinkmaster.CJK4MPEc0t/url.X5GLRSvTRk/snortrules.tar.gz: not in gzip format
  
  /usr/sbin/oinkmaster: Error:   http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz: integrity check on gzip file failed (file transfer failed or file in URL not in gzip format?).
  
  Oink, oink. Exiting...
  
  I have tried everything I can think of to solve this problem.  I am not having this problem on any other installations.  I am confused on why the error mentions snortrules.  I checked the oinkmaster.conf and cannot see a problem.  I even tried downloading the   update file and placing it in the conf file but running oinkmaster still fails.
  
  Thanks.
  
  Leonard Jacobs  
  
Call  
Send SMS  
Call from mobile  
Add to Skype  
You'll need Skype CreditFree via Skype      
  _______________________________________________
  Suricata IDS Users mailing list:   oisf-users at openinfosecfoundation.org
  Site:   http://suricata-ids.org | Support:   http://suricata-ids.org/support/
  List:   https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
  Suricata User Conference November 4 & 5 in Barcelona:   http://oisfevents.net
      
    _______________________________________________
  Emerging-sigs mailing list
  Emerging-sigs at lists.emergingthreats.net
  https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
  
  Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net
  
        
          

Call
Send SMS
Call from mobile
Add to Skype
You'll need Skype CreditFree via Skype
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151105/cf3c2467/attachment.html>

More information about the Oisf-users mailing list