RE: problems updating rules with oinkmaster

["Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland () erdc usace army mil>]

My rules path is correct - that is not the problem - thanks for the tip
though.  

-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu]
Sent: Thursday, April 22, 2004 12:35 PM
To: Rowland, Krisa W ERDC-ITL-MS Contractor; 'Gus Fritschie';
snort-users () lists sourceforge net
Subject: RE: [Snort-users] problems updating rules with oinkmaster


--On Thursday, April 22, 2004 08:33:40 AM -0500 "Rowland, Krisa W 
ERDC-ITL-MS Contractor" <Krisa.W.Rowland () erdc usace army mil> wrote:

> I've been having the same problem - I thought it was just me.  I am
> running Snort-2.0.6.

Not too long ago, the path to the rules files changed.  If you didn't edit 
oinkmaster.conf, then it will fail to update the rules because the path 
wget tries to use is invalid.  You *should* be getting error messages in 
your messages log, and you *should* be checking your messages log for 
errors when you're troubleshooting a problem like this.

The default path that oinkmaster *used* was:
http://www.snort.org/dl/rules/snortrules-current.tar.gz

That path is no longer valid.  You need to edit your conf file to point to 
the correct path for *your* version of snort.

The path for snort 2.1 is:
url = http://www.snort.org/dl/rules/snortrules-snapshot-2_1.tar.gz

Look on the webpage, in the /dl/rules/ page for the correct path for your 
version of snort.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu