[Oisf-users] [Emerging-Sigs] Having Problem with Oinkmaster updating signatures

Jason Ish lists at unx.ca
Thu Nov 5 18:58:34 UTC 2015


May I also suggest rulecat, I did it specifically for Suricata, and
its still young.  But I find it easier to use straight out of the box,
for Suricata:

http://blog.jasonish.org/2015/05/27/another-ids-rule-downloader-rulecat/

On Thu, Nov 5, 2015 at 1:46 PM, Joel Esler (jesler) <jesler at cisco.com> wrote:
> May I suggest that this would be a good opportunity to ditch Oinkmaster
> (which probably hasn’t been updated in at least 8 years) and switch to
> pulledpork?
>
> --
> Joel Esler
> Manager, Talos Group
>
>
>
>
> On Nov 4, 2015, at 8:01 PM, Jason Williams <jwilliams at emergingthreats.net>
> wrote:
>
> Leonard,
>
> That is strange. I believe oinkmaster mentions snortrules.tar.gz in the
> error as it temporarily renames the download to that during processing.
>
> my $OUTFILE            = 'snortrules.tar.gz';
>
> I tried to replicate the error on a few different setups and could not see
> an issue. If you'd like to send the conf file off list, i can take a look.
>
> Regards,
>
> Jason
>
> On Wed, Nov 4, 2015 at 6:18 PM, Leonard Jacobs <ljacobs at netsecuris.com>
> wrote:
>>
>> I am having the following problem with Oinkmaster only on one
>> installation.  See the following error message.
>>
>> Downloading file from
>> http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz...
>> done.
>>
>> gzip: /tmp/oinkmaster.CJK4MPEc0t/url.X5GLRSvTRk/snortrules.tar.gz: not in
>> gzip format
>>
>> /usr/sbin/oinkmaster: Error:
>> http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz:
>> integrity check on gzip file failed (file transfer failed or file in URL not
>> in gzip format?).
>>
>> Oink, oink. Exiting...
>>
>> I have tried everything I can think of to solve this problem.  I am not
>> having this problem on any other installations.  I am confused on why the
>> error mentions snortrules.  I checked the oinkmaster.conf and cannot see a
>> problem.  I even tried downloading the update file and placing it in the
>> conf file but running oinkmaster still fails.
>>
>> Thanks.
>>
>> Leonard Jacobs
>> Call
>> Send SMS
>> Call from mobile
>> Add to Skype
>> You'll need Skype CreditFree via Skype
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>



More information about the Oisf-users mailing list