[Oisf-users] Adapting pulledpork for suricata

Michael Shirk shirkdog.bsd at gmail.com
Fri Dec 16 17:11:37 UTC 2016


Check the README; you need to set the Snort version to suricata-3.2.0.

You can do this in the pulledpork config by setting the following:

snort_version=suricata-3.2.0

Or you can use the following on the command line:

-S suricata-3.2.0

If this does not work, please log an issue on GitHub for this so it gets
taken care of.

I will soon add a fix to use the enhanced Suricata rules for the open/pro
sets.

--
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com

On Dec 16, 2016 12:00 PM, "James Moe" <jimoe at sohnen-moe.com> wrote:

> Hello,
>   suricata 3.2
>   pulledpork 0.7.3
>   linux 4.4.36-8-default x86_64
>
>   I have been attempting to replace oinkmaster with pulledpork, without
> success. Apparently PP is designed specifically for snort.
>   Below is the output from PP. It fetched the rules archive, did
> something, complained a bit, and provided no output, changing nothing.
>   Can anyone suggest what specific changes to the PP config file work
> for Suricata?
>
>
> Use of uninitialized value $Snort_path in -B at
> /usr/local/bin/pulledpork.pl line 1773.
> Use of uninitialized value $Snort in pattern match (m//) at
> /usr/local/bin/pulledpork.pl line 1982.
> Use of uninitialized value $Snort in pattern match (m//) at
> /usr/local/bin/pulledpork.pl line 1986.
> Checking latest MD5 for emerging.rules.tar.gz....
>         They Match
>         Done!
> Fly Piggy Fly!
>
>
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.