[Honeywall] Re: Honeywall - Snort Rules Update Problem (Vincent
breusshe at hotmail.com
Mon Mar 15 01:31:02 EDT 2010
Here is the problem:
Snort 2.6 is not supported anymore. I entered a ticket for this issue
with the Honeywall Project a few months ago, but no one from the project
has ever replied to it. Essentially, it needs to be updated to 2.8, at
the least, maybe 3.0 at this point. I think that using 2.8 rules on a
2.6 Snort will not be fully compatible; as I recall, there are changes
to how the rules are parsed between 2.6 and 2.8, but I might be wrong.
The Snort project would be a good place to ask that question.
honeywall-request at public.honeynet.org wrote:
> Today's Topics:
> 1. Honeywall - Snort Rules Update Problem (Vincent Ragosta)
> 2. Re: Sebek -- Supported Platforms (Chengyu Song)
> 3. Re: Sebek under VirtualBox (Chengyu Song)
> Message: 1
> Date: Sat, 13 Mar 2010 18:53:25 -0500
> From: Vincent Ragosta <vrr6 at pitt.edu>
> Subject: [Honeywall] Honeywall - Snort Rules Update Problem
> To: honeywall at public.honeynet.org
> Message-ID: <4B9C2575.30700 at pitt.edu>
> Content-Type: text/plain; charset="iso-8859-1"
> It appears as if the option to update the Snort rules is not working
> correctly from within the Honeywall web management interface. After I
> click "Update Rules Now", I perform a tail on /var/log/hwruleupdate and
> receive the following response:
> Downloading file from
> /usr/bin/oinkmaster.pl: Error: could not download from
> Output from wget follows:
> www.snort.org... 188.8.131.52
> Connecting to www.snort.org|184.108.40.206|:80... connected.
> HTTP request sent, awaiting response... 404 Not Found
> 18:39:30 ERROR 404: Not Found.
> Oink, oink. Exiting.../
> If I manually enter this link into firefox and replace the
> snortrules-snapshot-2.6.tar.gz with snortrules-snapshot-2.8.tar.gz, it
> initiates a file transfer. Thus, what can I do to correct this in the
> honeywall? Can I safely update the url parameter to download the 2.8
> rule set instead? If so, where is this configuration information held?
> Or do I need to upgrade Snort first?
> Message: 2
> Date: Sun, 14 Mar 2010 11:33:38 +0800
> From: Chengyu Song <songchengyu at honeynet.org>
> Subject: Re: [Honeywall] Sebek -- Supported Platforms
> To: Mailing list for users and developers of the Honeywall
> <honeywall at public.honeynet.org>
> <5a8ab5a91003131933y4615d2e2qed53894245d30803 at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> Sebek does not support Windows 7 nor Windows Server 2008 now. The binary
> distribution does not contain drivers built for these two platforms. I'm
> still working on this and hopefully could release a test build in a week or
> On Sun, Mar 14, 2010 at 12:38 AM, Vincent R Ragosta <vrr6 at pitt.edu> wrote:
>> Has anyone tried installing Sebek on Windows Server 2008? I want to verify
>> this will work before I attempt.
Brett D. Ussher