belnando Posted May 9, 2015 Report Posted May 9, 2015 I am in the process of setting up to pull the rules automatically via pulledpork, however when I run this command "perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T" (without the commas of course) I get 'uname' is not recognised as an internal or external command, operable command or batch file. It is also throwing up errors in lines 463 and 1847. Has anyone encountered this and has any idea of a solution? Thanks Belnando Quote
Morpheus Posted May 9, 2015 Report Posted May 9, 2015 It's not an error, its a warning because it's not supported in Windows. Too bad because it would make updating the rules so much easier. There may be a way to do this with a Windows equivalent, or possibly Cygwin, but I've not looked directly into that. There will be a bunch of warnings showing up, they are purely informational, and never a show stopper. Quote
belnando Posted May 10, 2015 Author Report Posted May 10, 2015 Thanks for your reply Morpheus The problem here is that you mentioned the process should last about 30 minutes and quit. In my case it does not last 30 seconds. It goes straight to those errors mentioned above and returns to the prompt. I will check the configuration files again, I might have missed something. Cheers Belnando Quote
Morpheus Posted May 10, 2015 Report Posted May 10, 2015 You need to post a screen shot of the complete error. Did you run the modder.vbs file? Did you install the version of Strawberry perl per the tutorial? Did you install to the d:\ drive? Quote
belnando Posted May 10, 2015 Author Report Posted May 10, 2015 Screen shot attached... Yep, I did run modder.. Yes, the installation of perl followed the tutorial and.. yep, everything that's supposed to be on "d" is there. I did go back through the installation this morning and updated the conf. files but its still the same problem. It is obvious that I am over looking something but... I cannot see it yet. Thanks Belnando Quote
Morpheus Posted May 11, 2015 Report Posted May 11, 2015 Here goes, pulledpork.conf You need to configure line number: 190 snort_version=x.x.x.x Quote
belnando Posted May 14, 2015 Author Report Posted May 14, 2015 Thanks Morpheus. Sorry about the delay in responding to this thread, work related duties. I did get the winsnort up and running flawlessly. This tutorial worked wonders, it was easy to follow, it was accurately written and it worked beautifully for someone who is new to snort/linux, like myself. I am off to find a tutorial, that is just as good to install snort in IPS mode using Ubuntu Server. Thanks again. Belnando Quote
scowles Posted May 29, 2015 Report Posted May 29, 2015 Is there some type of message to acknowledge that the command has completed? perl d:\winids\pulledpork\pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -T The first time I've run it, seems to be stuck at "Prepping rules from opensource.gz for work...." for hours now. Quote
Morpheus Posted May 29, 2015 Report Posted May 29, 2015 Go into the folder /base right-click the folder signatures, and left-click 'Properties'. There is a entry 'Contains:' that holds the number of files. Get that number, and then is a short while do it again and see if that number is growing. It usually takes a very long time because it is using Perl to copy thousands of files. It's a Perl problem, and the developer knows about it. Good thing that opensourse file doesn't get updated often... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.