Snort mailing list archives
Re: Updating Rules using Oinkmaster
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 8 Jan 2013 09:24:53 +0000
Hello all

On 08/01/2013 02:45, Yayan Tri Taryana wrote:
> I want to ask about updating Snort using Oinkmaster. After the rules are updated, should I restart the snort and barnyard services, or do snort and barnyard automatically know the new rules?
Yes, you need to restart snort and barnyard.

First though you need to recreate sid-msg.map with the new rules - there's a script that comes with Oinkmaster called create-sidmap.pl, which you use along the lines of:

    /path/to/create-sidmap.pl /path/to/snort/rules > /path/to/sid-msg.map

for example

    /usr/bin/create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map

I'd also recommend looking at PulledPork because this does all this and more - http://code.google.com/p/pulledpork/

--
Peter Bates
Senior Information Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT
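The sequence described in the reply above (regenerate sid-msg.map, then restart snort and barnyard), written as an added shell example that is not part of the original post or of Oinkmaster. It adds two checks: Snort must load the new rules in test mode before anything is restarted, and the map is built in a temporary file so a failed run never leaves an empty sid-msg.map. The function name `refresh_sidmap`, the environment variable names, the `service` restart commands and the `barnyard2` service name are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths, service names and the
# restart command are assumptions; override them through the environment.
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"
SIDMAP="${SIDMAP:-/etc/snort/sid-msg.map}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
CREATE_SIDMAP="${CREATE_SIDMAP:-/usr/bin/create-sidmap.pl}"
# snort -T loads the configuration and rules, then exits without sniffing.
SNORT_TEST="${SNORT_TEST:-snort -T -c $SNORT_CONF}"
RESTART_CMD="${RESTART_CMD:-service snort restart && service barnyard2 restart}"

# refresh_sidmap: returns 0 when the new map is live and the restart ran,
# 1 when anything failed (the previous sid-msg.map is left untouched).
refresh_sidmap() {
    # 1. Refuse to restart into a rule set Snort cannot load; the running
    #    sensor keeps working with the rules it already has in memory.
    sh -c "$SNORT_TEST" >/dev/null 2>&1 || return 1

    # 2. Build the map in a temp file beside the live one. A plain
    #    "> sid-msg.map" truncates the live file before the script runs.
    tmp=$(mktemp "${SIDMAP}.XXXXXX") || return 1
    if ! "$CREATE_SIDMAP" "$RULES_DIR" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi

    # 3. Swap in place (same directory, so mv is a rename), then restart.
    chmod 644 "$tmp" && mv "$tmp" "$SIDMAP" || { rm -f "$tmp"; return 1; }
    sh -c "$RESTART_CMD"
}

# Typical use after Oinkmaster has written the new rules:
#   refresh_sidmap || echo "rule update not activated" >&2
```
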
Current thread:
- Updating Rules using Oinkmaster Yayan Tri Taryana (Jan 07)
- Re: Updating Rules using Oinkmaster Peter Bates (Jan 08)