Snort mailing list archives
RE: weird behaviour with Puresecure
From: Ryan Hill <rhill () xypoint com>
Date: Mon, 6 May 2002 14:51:54 -0700
fyi, I've been working with a developer for a few weeks on an unrelated issue but thought I would mention that the values passed to the validate function inside the web gui are hard coded into the program. for whatever reason (probably a good one?! :), the developers have chosen not to pass the actual arguments you may be using for your sensor (I'm using -o myself).

in addition, the validate function also doesn't correctly identify the interface your sensor is using, so when you run validate, snort is going to run the validation against your default interface, which may or may not be the correct interface for the sensor you're testing.

both of these fixes/improvements can be added with a few more checks and variables for commandline options, but seeing as I have about zero knowledge of perl whatsoever, the issue may be more complicated than it appears on the surface (there are a LOT of commandline options for snort :).

in Demarc's defense, they are very receptive and responsive towards feedback and improvements in the program (IMHO), so if you have future suggestions, please send them to suggest () demarc com. you might also check out their mailing list over at demarc.com.

regards,

Ryan Hill
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com

-----Original Message-----
From: Omolayo Salako [mailto:OSalako () corp goamerica net]
Sent: Monday, May 06, 2002 1:43 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] weird behaviour with Puresecure

Anyone else experiencing this problem? i have recently upgraded to demarc 1.6 and wanted to pass some command line options to snort through Puresecure. i edited the psd.conf, which i believe is the equivalent of demarcd.conf in the old demarc. i put options in where it says command line option to pass to snort. since the update has to be done by Puresecure, went to the gui, and click on validate, it updates the rules quite well, but i don't see my command line options in the options it passed to snort. i have poked through all the files under puresecure directory, but could not find any other file that might be controlling the command line options.

Any pointers would be appreciated

thanx

-----Original Message-----
From: Vadim Pushkin [mailto:wiskbroom () hotmail com]
Sent: Monday, May 06, 2002 3:18 PM
To: Noller2G () kochind com; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Demarc (PureSecure)

The one problem that I am having with Acid/Mysql is speed. If I were to use PureSecure, wouldn't I still be going against the same slow MySQL server?

-mike

From: "Noller, Gregory" <Noller2G () kochind com>
To: "'snort-users () lists sourceforge net'" <snort-users@lists.sourceforge.net>
Subject: [Snort-users] Demarc (PureSecure)
Date: Fri, 3 May 2002 13:34:36 -0500

I have been using Demarc 1.05 since October. It was hard to set up, but was much better than Acid and such.

Now they have released 1.06 and are calling it PureSecure. Much better setup script. Easy in fact.

Just want to let you know, if you have not tried Demarc/PureSecure give it a shot. Just build you a new Linux 7.2 box, get a copy of the software and run the ./configure script in the install directory. You will need internet visibility because it goes out and downloads all the pieces.

Once it's running, you'll need to update the rules from the configure tab to get the rules downloaded. Then sit back and watch.

Then you can edit your rules and snort.conf file from the configure tab.

This software really works.

I don't work for them, have never met them, and just wanted to comment on this product.

Usual Disclaimers Apply

Gregory Noller
Senior IT Security Technologist
Technology Risk Services
Koch Business Solutions, LP
Wichita, Kansas
(316) 828-7725

_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- weird behaviour with Puresecure Omolayo Salako (May 06)
- <Possible follow-ups>
- RE: weird behaviour with Puresecure Ryan Hill (May 06)
- FW: RE: weird behaviour with Puresecure Ryan Hill (May 07)