Description
I'm using Snort 3.4.7.0 and the latest version of the rules, 31470. This is a first-time configuration for PulledPork, and I'm using this document as a tutorial: https://www.snort.org/documents/snort-3-1-18-0-on-ubuntu-18-20
When I'm running this command:
sudo /usr/local/bin/pulledpork.pl -c /usr/local/etc/pulledpork/pulledpork.conf -l -P -E -T
All of the rule stats are 0. Is this normal for a first-time configuration? Or do I have to download the same Snort version as the rule version?
https://github.com/shirkdog/pulledpork
_____ ____
----,\ )
--==\ / PulledPork v0.8.0 - The only positive thing to come out of 2020...well this and take-out liquor!
Checking latest MD5 for snortrules-snapshot-31470.tar.gz....
They Match
Done!
IP Blocklist download of https://snort.org/downloads/ip-block-list....
Reading IP List...
Prepping rules from snortrules-snapshot-31470.tar.gz for work....
Done!
Reading rules...
Snort 3.0 detected, future Snort 3.0 processing
Reading rules...
Activating ballanced rulesets....
Done
Setting Flowbit State....
Done
Writing /usr/local/etc/rules/snort.rules....
Done
Generating sid-msg.map....
Done
Writing v2 /usr/local/etc/snort/sid-msg.map....
Done
Use of uninitialized value $pid_path in string ne at /usr/local/bin/pulledpork.pl line 2418.
Writing /var/log/sid_changes.log....
Done
Rule Stats...
New:-------0
Deleted:---0
Enabled Rules:----0
Dropped Rules:----0
Disabled Rules:---0
Total Rules:------0
No IP Blocklist Changes
Done
Please review /var/log/sid_changes.log for additional details
Fly Piggy Fly!