RE: weird behaviour with Puresecure

[Ryan Hill <rhill () xypoint com>]

fyi, I've been working with a developer for a few weeks on an unrelated
issue but thought I would mention that the values passed to the validate
function inside the web gui are hard coded into the program.  for whatever
reason (probably a good one?! :), the developers have chosen not to pass the
actual arguments you may be using for your sensor (I'm using -o myself).

in addition, the validate function also doesn't correctly identify the
interface your sensor is using, so when you run validate, snort is going to
run the validation against your default interface, which may or may not be
the correct interface for the sensor you're testing.

both of these fixes/improvements can be added with a few more checks and
variables for commandline options, but seeing as I have about zero knowledge
of perl whatsoever, the issue may be more complicated than it appears on the
surface (there are a LOT of commandline options for snort :).

in Demarc's defense, they are very receptive and responsive towards feedback
and improvements in the program (IMHO), so if you have future suggestions,
please send them to suggest () demarc com.  you might also check out their
mailing list over at demarc.com.

regards,

Ryan Hill
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com

> -----Original Message-----
> From: Omolayo Salako [mailto:OSalako () corp goamerica net] 
> Sent: Monday, May 06, 2002 1:43 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] weird behaviour with Puresecure
>
>
> Anyone else experiencing this problem. i have recently 
> upgraded to demarc
> 1.6 and wanted to pass some command line options to snort through
> Puresecure. i edited the psd.conf, which i beleive is the 
> equivalent of
> demarcd.conf in the old demarc. i put options in where it 
> says command line
> option to pass to snort. since the update has to be done by 
> Puresecure, went
> to the gui, and click on validate, it updates the rules quite 
> well, but i
> dont see my command line options, in the options it passed to 
> snort. i have
> poked through all the files under puresecure directory, but 
> could not find
> anyother file that might be controling the command line options. Any
> pointers would be appreciated
>
>
> thanx
>  
>
> -----Original Message-----
> From: Vadim Pushkin [mailto:wiskbroom () hotmail com]
> Sent: Monday, May 06, 2002 3:18 PM
> To: Noller2G () kochind com; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Demarc (PureSecure)
>
>
> The one problem that I am having with Acid/Mysql
> is speed. If I were to use PureSecure, wouldn't
> I sill be going against the same slow MySQL server?
>
> -mike
>
>
> > From: "Noller, Gregory" <Noller2G () kochind com>
> > To: 
> > "'snort-users () lists sourceforge net'"<snort-users@lists.sourc
> eforge.net>
> > Subject: [Snort-users] Demarc (PureSecure)
> > Date: Fri, 3 May 2002 13:34:36 -0500
> >
> > I have been using Demarc 1.05 since October.  It was hard to 
> set up, but 
> > was
> > much better than Acid and such.
> >
> > Now they have released 1.06 and are calling it PureSecure.  
> Much better
> > setup script.  Easy in fact.
> >
> > Just want to let you know, if you have not tried 
> Demarc/PureSecuregive it a
> > shot.
> >
> > Just build you a new Linux 7.2 box, get a copy of the 
> software and run the
> > ./configure script in the install directory.  You will need internet
> > visability because it goes out and downloads all the pieces.
> >
> > Once it's running, you'll need to update the rules from the 
> configure tab 
> > to
> > get the rules downloaded.
> >
> > Then sit back and watch.  Then you can edit your rules and 
> snort.conf file
> > from the configure tab.
> >
> > This software really works.
> >
> > I don't work for them, have never met them, and just wanted 
> to comment on
> > this product.
> >
> > Usual Disclaimers Apply
> >
> > Gregory Noller
> > Senior IT Security Technologist
> > Technology Risk Services
> > Koch Business Solutions, LP
> > Wichita, Kansas
> > (316) 828-7725
> >
> >
> >
> > _______________________________________________________________
> >
> > Have big pipes? SourceForge.net is looking for download 
> mirrors. We supply
> > the hardware. You get the recognition. Email Us: 
> bandwidth () sourceforge net
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
>
> _______________________________________________________________
>
> Have big pipes? SourceForge.net is looking for download 
> mirrors. We supply
> the hardware. You get the recognition. Email Us: 
> bandwidth () sourceforge net
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________________________
>
> Have big pipes? SourceForge.net is looking for download 
> mirrors. We supply
> the hardware. You get the recognition. Email Us: 
> bandwidth () sourceforge net
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users