Snort mailing list archives

Re: Question about downloading rules


From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Fri, 07 Feb 2003 00:39:46 +0100


Hi, we already had that ;)

Anyway, try this:


############## CUT #######################
SIGS_URL1="http://www.snort.org/dl/signatures/snortrules-stable.tar.gz";
MD5_URL1="http://www.snort.org/dl/signatures/snortrules-stable.tar.gz.md5";

WGET="/usr/bin/wget"
#WGET_PARAMS="-N"
WGET_PARAMS="-t 3 -T 5 -N -a /etc/snort/snort.log -P /etc/snort"

# Wget parameters:
#
# -t            : Retries (here 3)
# -N            : Get the file only if newer
# -a            : Append the log messages to the specified file
# -P            : Save the file to the specified directory
# -T            : Timeout
############## CUT #######################


The rules are being updated a few times a day. Although
they sometimes seem to be identical, they are fetched by
wget anyway. I have not figured this out yet, and the
MD5 sums sometimes do not match either.

Regards,

Edin_


Paul Schmehl wrote:
I took Keith's script that fetches the stable rules tarball, untars it,
copies the rules to the rules directory and then deletes the tarball,
and I modified it so it will 1) make sure the files were actually
fetched and send mail if they weren't, and 2) make sure the MD5 checksum
is correct, and page me if it isn't (and not run the extract, of
course.)

That's OK, but I'd like to be nicer to the net by only downloading the
rules if they've been updated.  Can wget snatch the date field from the
web page?  Are the rules updated every day?  (Somehow I think not.)


--
Edin Dizdarevic


