[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-devel
Subject: Re: [Snort-devel] [Snort-users] snort.lua broken thus pulledpork doesn't discover snort
From: Joel Esler via Snort-devel <snort-devel () lists ! snort ! org>
Date: 2022-06-27 12:46:45
Message-ID: 271874CE-533D-4D84-95D1-D6E1AD5DD6D7 () me ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
This is a problem:
" You need to define an oinkcode, please review the rule_url section of the \
pulledpork config file! at /usr/local/bin/pulledpork.pl line 2121."
And this is a problem:
Parsing Rules file "/usr/local/etc/snort/snort.lua"
ERROR: /usr/local/etc/snort/snort.lua(1) Invalid configuration line: \
---------------------------------------------------------------------------
—
Sent from my iPhone
> On Jun 26, 2022, at 15:59, Dorian ROSSE <dorianbrice@hotmail.fr> wrote:
>
> I found the answer for pulledpork : snort has go out rules for version 31210 but it \
> doesn't go out rules after version 31210 !
> now how to repair the problems for snort ?
>
> as i have ever say but i repeat snort has losen all it working all line of command \
> snort answer nothing,
> thank you in advance to help myself repair snort,
>
> regards.
>
>
> dorian rosse.
> De : Joel Esler <joel.esler@me.com>
> Envoyé : dimanche 26 juin 2022 19:56
> À : Dorian ROSSE <dorianbrice@hotmail.fr>
> Cc : snort-users@lists.snort.org <snort-users@lists.snort.org>; \
> snort-devel@lists.snort.org <snort-devel@lists.snort.org> Objet : Re: [Snort-users] \
> snort.lua broken thus pulledpork doesn't discover snort
> A guarantee if you google "snort error 422" the whole first page will be answers to \
> this problem. I've answered this personally, probably a hundred times over the \
> past 8 years.
> —
> Sent from my iPhone
>
> > On Jun 26, 2022, at 13:53, Dorian ROSSE <dorianbrice@hotmail.fr> wrote:
> >
> > now pulledpork has a new error : it is error 422 !
> >
> > snort has loosen all brain : all line of command launch for snort answere nothing \
> > !
> > what i need to do ?
> >
> > thanks you in advance for your help,
> >
> > regards.
> >
> >
> > dorian rosse.
> > De : Dorian ROSSE <dorianbrice@hotmail.fr>
> > Envoyé : dimanche 26 juin 2022 18:03
> > À : Joel Esler <joel.esler@me.com>
> > Cc : snort-users@lists.snort.org <snort-users@lists.snort.org>; \
> > snort-devel@lists.snort.org <snort-devel@lists.snort.org> Objet : Re: \
> > [Snort-users] snort.lua broken thus pulledpork doesn't discover snort
> > Joel,
> >
> >
> > I have ever tried to repair without success thus I wait a real help instead of \
> > just an answer without help,
> > The snort.lua is the previous ever working before I install a new time the laptop \
> > I think there are some problems by the system for understand the some programs \
> > between itself,
> > Thanks you in advance to really help myself,
> >
> > Regards.
> >
> >
> > Dorian Rosse.
> > From: Joel Esler <joel.esler@me.com>
> > Sent: Sunday, June 26, 2022 2:28:00 PM
> > To: Dorian ROSSE <dorianbrice@hotmail.fr>
> > Cc: snort-users@lists.snort.org <snort-users@lists.snort.org>; \
> > snort-devel@lists.snort.org <snort-devel@lists.snort.org>
> > Subject: Re: [Snort-users] snort.lua broken thus pulledpork doesn't discover \
> > snort
> > You have two different problems. I suggest you read your error messages.
> >
> > —
> > Sent from my iPhone
> >
> > > On Jun 24, 2022, at 17:35, Dorian ROSSE via Snort-users \
> > > <snort-users@lists.snort.org> wrote:
> > > hello,
> > >
> > >
> > > snort.lua broken thus pulledpork doesn't discover snort :
> > > ~/snort_src/pulledpork-master$ sudo /usr/local/bin/pulledpork.pl -c \
> > > /usr/local/etc/pulledpork/pulledpork.conf -l -P -E -T
> > > https://github.com/shirkdog/pulledpork
> > > _____ ____
> > > `----,\ )
> > > `--==\\ / PulledPork v0.8.0 - The only positive thing to come out of \
> > > 2020...well this and take-out liquor! `--==\\/
> > > .-~~~~-.Y|\\_ Copyright (C) 2009-2021 JJ Cummings, Michael Shirk
> > > @_/ / 66\_ and the PulledPork Team!
> > > > \ \ _(")
> > > \ /-| ||'--' Rules give me wings!
> > > \_\ \_\\
> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > > Use of uninitialized value $Value in pattern match (m//) at \
> > > /usr/local/bin/pulledpork.pl line 167, <CONFIG> line 20. readline() on closed \
> > > filehandle FH at /usr/local/bin/pulledpork.pl line 1647. Use of uninitialized \
> > > value $Snort in ord at /usr/local/bin/pulledpork.pl line 1924. You need to \
> > > define an oinkcode, please review the rule_url section of the pulledpork config \
> > > file! at /usr/local/bin/pulledpork.pl line 2121.
> > > '''
> > >
> > > '''sudo /usr/local/bin/snort -V
> > > sudo: /usr/local/bin/snort : commande introuvable'''
> > >
> > > '''snort -c /usr/local/etc/snort/snort.lua
> > > Running in IDS mode
> > >
> > > --== Initializing Snort ==--
> > > Initializing Output Plugins!
> > > Initializing Preprocessors!
> > > Initializing Plug-ins!
> > > Parsing Rules file "/usr/local/etc/snort/snort.lua"
> > > ERROR: /usr/local/etc/snort/snort.lua(1) Invalid configuration line: \
> > > ---------------------------------------------------------------------------
> > > Fatal Error, Quitting..
> > > '''
> > >
> > > thanks you in advance to help myself fully install snort and pulledpork for \
> > > sanitize my network,
> > > regards.
> > >
> > >
> > > dorian rosse.
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.snort.org
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.snort.org/mailman/listinfo/snort-users
> > >
> > > To unsubscribe, send an email to:
> > > snort-users-leave@lists.snort.org
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest Snort \
> > > news!
> > > Please follow these rules: \
> > > https://snort.org/faq/what-is-the-mailing-list-etiquette
[Attachment #5 (text/html)]
<html><head><meta http-equiv="content-type" content="text/html; \
charset=utf-8"></head><body dir="auto"><div dir="ltr"><meta http-equiv="content-type" \
content="text/html; charset=utf-8">This is a problem:<div><br></div><div>"<span \
style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Calibri, \
Helvetica, sans-serif; font-size: 16px; -webkit-text-size-adjust: auto;"> You \
need to define an oinkcode, please review the rule_url section of the pulledpork \
config file!</span><br><span style="font-size: 16px; -webkit-text-size-adjust: auto; \
caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Calibri, Helvetica, \
sans-serif; background-color: rgb(36, 36, 38);"> at /usr/local/bin/pulledpork.pl \
line 2121."</span></div><div><font color="#000000" face="Calibri, Helvetica, \
sans-serif" size="3"><span style="caret-color: rgb(0, 0, 0); \
-webkit-text-size-adjust: auto; background-color: rgb(36, 36, \
38);"><br></span></font></div><div><font color="#000000" face="Calibri, Helvetica, \
sans-serif" size="3"><span style="caret-color: rgb(0, 0, 0); \
-webkit-text-size-adjust: auto; background-color: rgb(36, 36, 38);">And this is a \
problem:</span></font></div><div><font color="#000000" face="Calibri, Helvetica, \
sans-serif" size="3"><span style="caret-color: rgb(0, 0, 0); \
-webkit-text-size-adjust: auto; background-color: rgb(36, 36, \
38);"><br></span></font></div><div><div style="font-size: 16px; \
-webkit-text-size-adjust: auto; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); \
font-family: Calibri, Helvetica, sans-serif;">Parsing Rules file \
"/usr/local/etc/snort/snort.lua"</div><div style="font-size: 16px; \
-webkit-text-size-adjust: auto; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); \
font-family: Calibri, Helvetica, sans-serif;">ERROR: \
/usr/local/etc/snort/snort.lua(1) Invalid configuration line: \
---------------------------------------------------------------------------</div><div \
style="font-size: 16px; -webkit-text-size-adjust: auto; caret-color: rgb(0, 0, 0); \
color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif;"><br></div><div \
dir="ltr">— <div>Sent from my <span style="background-color: rgba(255, \
255, 255, 0);"> </span>iPhone</div></div><div dir="ltr"><br><blockquote \
type="cite">On Jun 26, 2022, at 15:59, Dorian ROSSE <dorianbrice@hotmail.fr> \
wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> I found the answer for pulledpork : snort has go out rules for \
version 31210 but it doesn't go out rules after version 31210 !</div> <div \
style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, \
0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> now how to repair the problems for snort ?</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> as i have ever say but i repeat snort has losen all it working all \
line of command snort answer nothing,</div> <div style="font-family: Calibri, \
Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> thank you in advance to help myself repair snort,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> regards.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: \
rgb(0, 0, 0);"> dorian rosse.<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" \
style="font-size:11pt" color="#000000"><b>De :</b> Joel Esler \
<joel.esler@me.com><br> <b>Envoyé :</b> dimanche 26 juin 2022 19:56<br>
<b>À :</b> Dorian ROSSE <dorianbrice@hotmail.fr><br>
<b>Cc :</b> snort-users@lists.snort.org <snort-users@lists.snort.org>; \
snort-devel@lists.snort.org <snort-devel@lists.snort.org><br> <b>Objet :</b> \
Re: [Snort-users] snort.lua broken thus pulledpork doesn't discover snort</font> \
<div> </div> </div>
<div dir="auto">A guarantee if you google "snort error 422" the whole first page will \
be answers to this problem. I've answered this personally, probably a hundred \
times over the past 8 years. <br> <br>
<div dir="ltr">—
<div>Sent from my <span \
style="background-color:rgba(255,255,255,0)"> </span>iPhone</div> </div>
<div dir="ltr"><br>
<blockquote type="cite">On Jun 26, 2022, at 13:53, Dorian ROSSE \
<dorianbrice@hotmail.fr> wrote:<br> <br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> now pulledpork has a new error : it is error 422 !</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> snort has loosen all brain : all line of command launch for snort \
answere nothing !<br> </div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> what i need to do ?</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> thanks you in advance for your help,</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> regards.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> dorian rosse.<br>
</div>
<div id="x_appendonsend"></div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" \
style="font-size:11pt"><b>De :</b> Dorian ROSSE <dorianbrice@hotmail.fr><br> \
<b>Envoyé :</b> dimanche 26 juin 2022 18:03<br> <b>À :</b> Joel Esler \
<joel.esler@me.com><br> <b>Cc :</b> snort-users@lists.snort.org \
<snort-users@lists.snort.org>; snort-devel@lists.snort.org \
<snort-devel@lists.snort.org><br> <b>Objet :</b> Re: [Snort-users] snort.lua \
broken thus pulledpork doesn't discover snort</font> <div> </div>
</div>
<div>
<div dir="auto" style="color:rgb(33,33,33); \
background-color:rgb(255,255,255)">Joel,</div> <div dir="auto" \
style="color:rgb(33,33,33); background-color:rgb(255,255,255)"><br> </div>
<div dir="auto" style="color:rgb(33,33,33); background-color:rgb(255,255,255)"><br>
</div>
<div dir="auto" style="color:rgb(33,33,33); background-color:rgb(255,255,255)">I have \
ever tried to repair without success thus I wait a real help instead of just an \
answer without help,</div> <div dir="auto" style="color:rgb(33,33,33); \
background-color:rgb(255,255,255)"><br> </div>
<div dir="auto" style="color:rgb(33,33,33); background-color:rgb(255,255,255)">The \
snort.lua is the previous ever working before I install a new time the laptop I think \
there are some problems by the system for understand the some programs between \
itself,</div> <div dir="auto" style="color:rgb(33,33,33); \
background-color:rgb(255,255,255)"><br> </div>
<div dir="auto" style="color:rgb(33,33,33); background-color:rgb(255,255,255)">Thanks \
you in advance to really help myself,</div> <div dir="auto" \
style="color:rgb(33,33,33); background-color:rgb(255,255,255)"><br> </div>
<div dir="auto" style="color:rgb(33,33,33); \
background-color:rgb(255,255,255)">Regards.</div> <div dir="auto" \
style="color:rgb(33,33,33); background-color:rgb(255,255,255)"><br> </div>
<div dir="auto" id="x_x_ms-outlook-mobile-signature" style="">
<div><br>
</div>
<div>Dorian Rosse.</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" \
color="#000000" style="font-size:11pt"><b>From:</b> Joel Esler \
<joel.esler@me.com><br> <b>Sent:</b> Sunday, June 26, 2022 2:28:00 PM<br>
<b>To:</b> Dorian ROSSE <dorianbrice@hotmail.fr><br>
<b>Cc:</b> snort-users@lists.snort.org <snort-users@lists.snort.org>; \
snort-devel@lists.snort.org <snort-devel@lists.snort.org><br> <b>Subject:</b> \
Re: [Snort-users] snort.lua broken thus pulledpork doesn't discover snort</font> \
<div> </div> </div>
<div dir="auto">You have two different problems. I suggest you read your error \
messages. <br> <br>
<div dir="ltr">—
<div>Sent from my <span \
style="background-color:rgba(255,255,255,0)"> </span>iPhone</div> </div>
<div dir="ltr"><br>
<blockquote type="cite">On Jun 24, 2022, at 17:35, Dorian ROSSE via Snort-users \
<snort-users@lists.snort.org> wrote:<br> <br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> hello,</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> <br>
</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> <br>
</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> snort.lua broken thus pulledpork doesn't discover \
snort : <br> </div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> ~/snort_src/pulledpork-master$ sudo \
/usr/local/bin/pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -l -P -E -T \
<div><br> </div>
<div> https://github.com/shirkdog/pulledpork</div>
<div> _____ ____</div>
<div> `----,\ )</div>
<div> `--==\\ / PulledPork v0.8.0 - The only \
positive thing to come out of 2020...well this and take-out liquor!</div> <div> \
`--==\\/</div> <div> .-~~~~-.Y|\\_ \
Copyright (C) 2009-2021 JJ Cummings, Michael Shirk</div> <div> @_/ \
/ 66\_ and the PulledPork Team!</div> <div> \
| \ \ _(")</div> <div> \ \
/-| ||'--' Rules give me wings!</div> <div> \_\ \
\_\\</div> <div> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div>
<div><br>
</div>
<div>Use of uninitialized value $Value in pattern match (m//) at \
/usr/local/bin/pulledpork.pl line 167, <CONFIG> line 20.</div> <div>readline() \
on closed filehandle FH at /usr/local/bin/pulledpork.pl line 1647.</div> <div>Use of \
uninitialized value $Snort in ord at /usr/local/bin/pulledpork.pl line 1924.</div> \
<div>You need to define an oinkcode, please review the rule_url section of the \
pulledpork config file!</div> at /usr/local/bin/pulledpork.pl line 2121.</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> '''</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> <br>
</div>
<div class="x_x_x_elementToProof" style="font-family:Calibri,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> '''sudo /usr/local/bin/snort -V
<div>sudo: /usr/local/bin/snort : commande introuvable'''</div>
<div><br>
</div>
<div>'''snort -c /usr/local/etc/snort/snort.lua
<div>Running in IDS mode</div>
<div><br>
</div>
<div> --== Initializing Snort ==--</div>
<div>Initializing Output Plugins!</div>
<div>Initializing Preprocessors!</div>
<div>Initializing Plug-ins!</div>
<div>Parsing Rules file "/usr/local/etc/snort/snort.lua"</div>
<div>ERROR: /usr/local/etc/snort/snort.lua(1) Invalid configuration line: \
---------------------------------------------------------------------------</div> \
<div><br> </div>
<div>Fatal Error, Quitting..</div>
'''</div>
<div><br>
</div>
<div>thanks you in advance to help myself fully install snort and pulledpork for \
sanitize my network,</div> <div><br>
</div>
<div>regards.</div>
<div><br>
</div>
<div><br>
</div>
<div>dorian rosse.<br>
</div>
<br>
</div>
<span>_______________________________________________</span><br>
<span>Snort-users mailing list</span><br>
<span>Snort-users@lists.snort.org</span><br>
<span>Go to this URL to change user options or unsubscribe:</span><br>
<span>https://lists.snort.org/mailman/listinfo/snort-users</span><br>
<span></span><br>
<span> To unsubscribe, send an email to:</span><br>
<span> snort-users-leave@lists.snort.org</span><br>
<span></span><br>
<span>Please visit http://blog.snort.org to stay current on all the latest Snort \
news!</span><br> <span></span><br>
<span>Please follow these rules: \
https://snort.org/faq/what-is-the-mailing-list-etiquette</span><br> </div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div></blockquote></div></div></body></html>
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic