Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question about downloading rules with Oinkmaster

From: "Andy Berryman" <aberryman () Cymtec com>
Date: Tue, 13 Jul 2010 13:05:56 -0500
So there is nothing that tells it I'm trying to get the subscription rules except for my oinkcode now?  Basically all I 
need to do is drop the "_s" ? 

 

This is what the page says, which I'm sure you already know.

Configuring Oinkmaster

In order to use Oinkmaster to update Snort with VRT rules you must edit oinkmaster.conf.

In the oinkmaster.conf modify "url" to:

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>  

    

 

Important Note

As noted above, the CURRENT and 2.8 naming conventions have been deprecated as of June 2010 for oinkmaster downloads. 
You are responsible for updating your oinkmaster.conf file to reflect your installed version of Snort. Continued 
attempts to download outdated versions will result in being banned. 

Example for snort 2.8.6.0:

      url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_code_removed/snortrules-snapshot-2860.tar.gz

    

 

    

 

 

From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Tuesday, July 13, 2010 12:56 PM
To: Andy Berryman
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Question about downloading rules with Oinkmaster

 

If you log into snort.org, on the page where you get your oinkcode, you will are the URL you are supposed to use. 



Sent from my iPhone


On Jul 13, 2010, at 1:28 PM, "Andy Berryman" <aberryman () Cymtec com> wrote:

        I saw there was a change in the rules download, but I'm a little confused on if/what I'm supposed to change in 
Oinkmaster. 

         

        Currently I have this in my oinkmaster: 

        url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860_s.tar.gz 
<http://www.snort.org/pub-bin/oinkmaster.cgi/%3coink_code_removed%3e/snortrules-snapshot-2860_s.tar.gz> 

         

         

        Am I supposed to change it to this? 

         

        url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/sub-rules/snortrules-snapshot-2860.tar.gz

         

         

         

        We are a subscriber/integrator. 

         

         

        Thanks,

        Andy Berryman

         

         

        
________________________________


        This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the 
recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the 
intended recipient, you are hereby notified that you have received this message in error and that any review, 
disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received 
this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or 
by return e-mail.

        
________________________________


         

        ------------------------------------------------------------------------------
        This SF.net email is sponsored by Sprint
        What will you do first with EVO, the first 4G phone?
        Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

        _______________________________________________
        Snort-users mailing list
        Snort-users () lists sourceforge net
        Go to this URL to change user options or unsubscribe:
        https://lists.sourceforge.net/lists/listinfo/snort-users
        Snort-users list archive:
        http://www.geocrawler.com/redir-sf.php3?list=snort-users


###############################################################################
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) 
named above.  If you are not the intended recipient or an agent responsible for delivering it to the intended 
recipient, you are hereby notified that you have received this message in error and that any review, disclosure, 
copying, distribution or use of the contents of this message is strictly prohibited.  If you have received this message 
in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return 
e-mail.                    
###############################################################################

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: