Snort mailing list archives

Re: Managing Multiple Snort Sensors


From: Russell Fulton <r.fulton () auckland ac nz>
Date: Thu, 1 Apr 2010 12:43:46 +1300

I have home-grown Perl scripts that drive oinkmaster with separate configs for each sensor (or group of sensors).
The script runs nightly and downloads rule files (if they have changed) and runs oinkmaster for each group of sensors. It then goes through the rules & conf files for each sensor to see if anything has changed. If it has, the script scp's a tarball with the changes to the sensor and then runs a script on the sensor to unpack the tarball and restart snort.

Pain points: having to update oinkmaster.conf files by hand; apart from that it just works.

I know others that use configuration management systems like Puppet or bcfg2 to distribute their snort rules, but that does not get around having to maintain the oinkmaster files.

Russell
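
The "see if anything has changed, then ship a tarball" step from the message above, sketched in Python as an added example; it is not part of the original post and is not the poster's Perl scripts. It assumes a per-group staging directory that oinkmaster has already written into and a manifest of hashes from the last successful push; the names `TRACKED`, `REMOVED.txt` and the function names are hypothetical, and the scp and restart steps are left to the caller.

```python
import hashlib, io, json, tarfile
from pathlib import Path

TRACKED = {".rules", ".conf", ".config", ".map"}  # assumed set of sensor file types

def digest_tree(staging):
    """Map every tracked file under staging (relative path) to its SHA-256."""
    staging = Path(staging)
    return {p.relative_to(staging).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(staging.rglob("*")) if p.is_file() and p.suffix in TRACKED}

def build_update(staging, manifest, tarball):
    """Pack only what differs from the manifest of the last successful push.

    Returns (changed, removed, current). Both lists are empty, and no tarball
    is written, when the sensor group is already up to date, so the caller can
    skip the copy and the snort restart.
    """
    current = digest_tree(staging)
    manifest = Path(manifest)
    previous = json.loads(manifest.read_text()) if manifest.exists() else {}
    changed = [n for n, h in current.items() if previous.get(n) != h]
    removed = sorted(set(previous) - set(current))
    if changed or removed:
        with tarfile.open(tarball, "w:gz") as tar:
            for name in changed:
                tar.add(Path(staging) / name, arcname=name)
            # A tarball cannot express a deletion, so ship the list as a member
            # for the unpack script on the sensor to act on.
            body = "\n".join(removed).encode()
            info = tarfile.TarInfo("REMOVED.txt")
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return changed, removed, current

def commit(manifest, current):
    """Record the new state; call only after the copy and restart succeeded."""
    Path(manifest).write_text(json.dumps(current, indent=2, sort_keys=True))
```

Keeping `commit` separate from `build_update` means a failed copy or restart leaves the old manifest in place, so the same changes are retried on the next nightly run.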

