Snort mailing list archives
Re: Question about downloading rules with Oinkmaster
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 13 Jul 2010 14:16:43 -0400
Just to make sure, I wanted you to check that link. But yes. No _s Sent from my iPhone On Jul 13, 2010, at 2:05 PM, "Andy Berryman" <aberryman () Cymtec com> wrote:
So there is nothing that tells it I'm trying to get the subscription rules except for my oinkcode now? Basically all
I need to do is drop the "_s" ?
This is what the page says, which I'm sure you already know.
Configuring Oinkmaster
In order to use Oinkmaster to update Snort with VRT rules you must edit oinkmaster.conf.
In the oinkmaster.conf modify "url" to:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/<filename>
Important Note
As noted above, the CURRENT and 2.8 naming conventions have been deprecated as of June 2010 for oinkmaster downloads.
You are responsible for updating your oinkmaster.conf file to reflect your installed version of Snort. Continued
attempts to download outdated versions will result in being banned.
Example for snort 2.8.6.0:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_code_removed/snortrules-snapshot-2860.tar.gz
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Tuesday, July 13, 2010 12:56 PM
To: Andy Berryman
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Question about downloading rules with Oinkmaster
If you log into snort.org, on the page where you get your oinkcode, you will are the URL you are supposed to use.
Sent from my iPhone
On Jul 13, 2010, at 1:28 PM, "Andy Berryman" <aberryman () Cymtec com> wrote:
I saw there was a change in the rules download, but I'm a little confused on if/what I'm supposed to change in
Oinkmaster.
Currently I have this in my oinkmaster:
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oink_code_removed>/snortrules-snapshot-2860_s.tar.gz
Am I supposed to change it to this?
url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode here>/sub-rules/snortrules-snapshot-2860.tar.gz
We are a subscriber/integrator.
Thanks,
Andy Berryman
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the
recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the
intended recipient, you are hereby notified that you have received this message in error and that any review,
disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received
this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700
or by return e-mail.
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the
recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the
intended recipient, you are hereby notified that you have received this message in error and that any review,
disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received
this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700
or by return e-mail.
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question about downloading rules with Oinkmaster Andy Berryman (Jul 13)
- Re: Question about downloading rules with Oinkmaster Joel Esler (Jul 13)
- Re: Question about downloading rules with Oinkmaster Andy Berryman (Jul 13)
- Re: Question about downloading rules with Oinkmaster Joel Esler (Jul 13)
- Re: Question about downloading rules with Oinkmaster Andy Berryman (Jul 13)
- Re: Question about downloading rules with Oinkmaster Joel Esler (Jul 13)