Snort mailing list archives
Re: rules, alerts, tools
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 10 Sep 2009 18:04:09 -0400
I recommend pulled-pork for rule updating. http://code.google.com/p/pulledpork/

J

On Thu, Sep 10, 2009 at 5:05 PM, Ron Kaye Jr <rekaye1005 () verizon net> wrote:
> Hello all:
>
> 1) Pulled the latest rules from snort.org for install. Registered at the site. Is this granular enough for up-to-date rules, or should I install something like oinkmaster?
>
> 2) Has anyone set up alert groups in "base"? Can you show me your setup, and the reasons behind it? On my first pass, predefined alerts were consistently found. Will snort pass me indeterminate data, which is my job to interpret?
>
> 3) I am reading that swatch or syslog-ng are used for real-time alerting. What is your preference? Will either of these conflict with barnyard, which appears to spool first to a log file?
>
> Thanks
>
> Ron Kaye Jr
> 914-7294734
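The alert-grouping and real-time-alerting questions above, illustrated with an added Python example that is not from the thread, from Snort, BASE, Barnyard or PulledPork: it parses Snort's alert_fast log format, groups alerts by priority and classification (the kind of grouping BASE presents from its database), pulls out the high-priority ones that would be worth paging on, and follows the log file as lines are appended, the way swatch or syslog-ng would watch a spooled file. The log lines, signature IDs and messages are constructed for the example; the `[**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src -> dst` layout is Snort's standard fast-alert format.

```python
import re
import time
from collections import defaultdict

# One Snort alert_fast line. The Classification field is optional because
# rules without a classtype only emit the Priority field.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample log: sids 1000001-1000003 and their messages are made up
# for this example (the 1000000+ range is conventionally reserved for local rules).
SAMPLE_LOG = """\
09/10-17:05:01.123456  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51000 -> 192.168.1.10:22
09/10-17:05:02.234567  [**] [1:1000002:3] CONSTRUCTED shell command in HTTP [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.9:51234 -> 192.168.1.20:80
09/10-17:05:03.345678  [**] [1:1000001:1] CONSTRUCTED scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.6:51001 -> 192.168.1.10:22
09/10-17:05:04.456789  [**] [1:1000003:1] CONSTRUCTED local policy hit [**] [Priority: 3] {UDP} 10.0.0.7:5353 -> 224.0.0.251:5353
this line is not an alert and must be skipped, not crash the watcher
"""


def parse_fast_alert(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        a[key] = int(a[key])
    # Rules with no classtype produce no Classification field at all.
    a["cls"] = a["cls"] or "unclassified"
    return a


def group_alerts(lines):
    """Group parsed alerts by (priority, classification), as a BASE alert group view would."""
    groups = defaultdict(list)
    for line in lines:
        a = parse_fast_alert(line)
        if a is not None:
            groups[(a["prio"], a["cls"])].append(a)
    return dict(groups)


def summarize(lines):
    """Counts per (priority, classification), lowest priority number (most severe) first."""
    counts = {k: len(v) for k, v in group_alerts(lines).items()}
    return dict(sorted(counts.items()))


def high_priority(lines, threshold=1):
    """Alerts at or above the given severity: Snort priority 1 is the most severe."""
    return [a for a in map(parse_fast_alert, lines) if a is not None and a["prio"] <= threshold]


def follow(path, poll=1.0):
    """Yield parsed alerts as they are appended to `path`, like a swatch/tail -f watcher.

    Starts at the end of the file so only new alerts are reported; this runs forever.
    """
    with open(path) as f:
        f.seek(0, 2)
        while True:
            line = f.readline()
            if not line:
                time.sleep(poll)
                continue
            a = parse_fast_alert(line)
            if a is not None:
                yield a


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (prio, cls), n in summarize(lines).items():
        print(f"priority {prio}  {cls:<30} {n} alert(s)")
    for a in high_priority(lines):
        print(f"PAGE: [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} {a['src']} -> {a['dst']}")
```

Because Barnyard only spools the unified output and a reader such as this one works from the text alert file, the two do not conflict; pointing `follow()` at the alert file (or feeding the same lines into syslog-ng) gives real-time notification while the database path stays intact for BASE.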
Current thread:
- rules, alerts, tools Ron Kaye Jr (Sep 10)
- Re: rules, alerts, tools Joel Esler (Sep 10)