Snort mailing list archives

Re: RE: Question about downloading rules


From: Paul Schmehl <pauls () utdallas edu>
Date: 06 Feb 2003 15:53:19 -0600

On Thu, 2003-02-06 at 15:40, LaRose, Dallas wrote:
> > That's OK, but I'd like to be nicer to the net by only downloading the
> > rules if they've been updated.  Can wget snatch the date field from
> > the web page?  Are the rules updated every day?  (Somehow I think not.)
>
> Check out http://www.gnu.org/manual/wget/html_mono/wget.html#SEC23.

Thanks.  That's exactly what I was looking for.

> Can you provide a link to the scripts you're using?

Hmmm...I might post them to the web once I'm done with them.  Right now
they're in a state of flux.  I'm trying to include error checking and
other things.  For example, with the snort.sh script that Keith
provided, I added a check to make sure the user trying to run the script
is root, and if they're not, it tells them that they must be root to run
it.  I also added a "restart" option and included error checking to make
sure that the script doesn't do stupid things like start a second
instance of snort.  (The last thing I need is *two* multi-MB feeds to
the database.)

If there is an interest, I'll put them up, but I figure most guys on
this list are probably smarter than me anyway.  They're bash scripts,
not Bourne shell (there are some subtle differences), and they're not
written with a lot of variables to make them more configurable (although
I suppose I could change that).

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
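
The checks described in the message above (root only, a "restart" option, refusing to start a second Snort instance), written out as an added example; it is not the poster's script or anything posted to the list. The pidfile path, the Snort command line and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script. PIDFILE, SNORT_CMD and the function
# names are assumptions; Snort stays in the foreground so that $! is its PID.
PIDFILE="${PIDFILE:-/var/run/snort.pid}"
SNORT_CMD="${SNORT_CMD:-/usr/local/bin/snort -c /etc/snort/snort.conf}"

# Succeed only if the given UID (default: the caller's) is root's.
require_root() {
    [ "${1:-$(id -u)}" -eq 0 ] && return 0
    echo "You must be root to run this script." >&2; return 1
}

# True only if the pidfile holds a numeric PID that belongs to a live process.
is_running() {
    local pid
    pid=$(cat "$PIDFILE" 2>/dev/null) || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# Start Snort unless an instance is already alive; a stale pidfile is overwritten.
start() {
    is_running && { echo "snort is already running; not starting a second instance." >&2; return 1; }
    $SNORT_CMD >/dev/null 2>&1 &
    echo "$!" > "$PIDFILE"
}

# Stop the recorded instance and remove the pidfile once it has really exited.
stop() {
    local pid i
    if is_running; then
        pid=$(cat "$PIDFILE")
        kill "$pid"
        wait "$pid" 2>/dev/null || true   # reaps it when it is our own child
        for i in 1 2 3 4 5; do is_running || break; sleep 1; done
    fi
    is_running && return 1
    rm -f "$PIDFILE"
}

main() {
    require_root || return 1
    case "$1" in
        start|stop) "$1" ;;
        restart)    stop && start ;;
        *) echo "Usage: $0 {start|stop|restart}" >&2; return 1 ;;
    esac
}
[ "$#" -eq 0 ] || main "$@"
```

`kill -0` only shows that some process owns the recorded PID, so a stricter check would also compare the process name before trusting a pidfile left over from a previous boot.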


