Snort mailing list archives

oinkmaster vs pulledpork was (Oinkmaster can't get rules)


From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 20 Jul 2010 08:29:50 +1200


On 15/07/2010, at 12:50 AM, Joel Esler wrote:

> Huge. If I had to pick one feature, it would be that pulledpork handles the SO rules, and oinkmaster does not. But
> there are a lot more features than that, maybe JJ can chime in and highlight some others if you guys want.


I've looked at pulledpork as an alternative to oinkmaster but decided that it did not have the features that *I*
needed.  I make extensive use of rule modification to change thresholds and addresses and pulledpork cannot do that
(please tell me I'm wrong ;).

If PP does what you need then you should definitely consider it -- it has one huge advantage over oinkmaster -- it is 
actively supported.

Many years ago I had my own script in this space, Andreas adopted several features from my script into oinkmaster and I 
went over to using it.  Since then Andreas has moved on and no longer appears to have the time to maintain oinkmaster.

A list of what PP can do in the way of manipulating rules once retrieved would be useful in any case.  I ended up 
looking through the sample config to figure out what it could and could not do.

R

