I'm using Snort 3.4.7.0 and the latest version of the rules, 31470. This is a first-time configuration of PulledPork, and I'm using this document as a tutorial: https://www.snort.org/documents/snort-3-1-18-0-on-ubuntu-18-20.
When I'm running this command:
sudo /usr/local/bin/pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -l -P -E -T
All of the rule stats are 0. Is this normal for a first-time configuration? Or do I have to download the same Snort version as the rule version?
https://github.com/shirkdog/pulledpork
_____ ____
----,\ ) --==\ / PulledPork v0.8.0 - The only positive thing to come out of 2020...well this and take-out liquor!
Checking latest MD5 for snortrules-snapshot-31470.tar.gz....
They Match
Done!
IP Blocklist download of https://snort.org/downloads/ip-block-list....
Reading IP List...
Prepping rules from snortrules-snapshot-31470.tar.gz for work....
Done!
Reading rules...
Snort 3.0 detected, future Snort 3.0 processing
Reading rules...
Activating ballanced rulesets....
Done
Setting Flowbit State....
Done
Writing /usr/local/etc/rules/snort.rules....
Done
Generating sid-msg.map....
Done
Writing v2 /usr/local/etc/snort/sid-msg.map....
Done
Use of uninitialized value $pid_path in string ne at /usr/local/bin/pulledpork.pl line 2418.
Writing /var/log/sid_changes.log....
Done
Rule Stats...
New:-------0
Deleted:---0
Enabled Rules:----0
Dropped Rules:----0
Disabled Rules:---0
Total Rules:------0
No IP Blocklist Changes
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!