Re: rules, alerts, tools

[Joel Esler <jesler () sourcefire com>]

I recommend pulled-pork for rule updating.
http://code.google.com/p/pulledpork/

J

On Thu, Sep 10, 2009 at 5:05 PM, Ron Kaye Jr <rekaye1005 () verizon net> wrote:

>  hello all:
>
> 1) pulled the latest rules from snort.org for install.
> registered at the site.
> is this granular enough for uptodate rules, or should i install something
> like oinkmaster?
>
> 2) has anyone setup alert groups in "base".
> can you show me your setup, and the reasons behind it.
>
> on my first pass, predefined alerts were consistently found.
> will snort pass me indeterminate data, which is my job to interpret
>
> 3) i am reading that swatch or syslog-ng are used for real time alerting.
> what is your preference?
>
> will either of these conflict with barnyard, which appears to spool first
> to a log file.
>
> thanks
>
> Ron Kaye Jr
> 914-7294734
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users