Re: Snorby SBSA

[JJ Cummings <cummingsj () gmail com>]

As a side note, when you are running SO rules and update them, you must stop the pid and start again, a HUP will not 
correctly reload the binary rules.

Sent from the iRoad

On Aug 27, 2010, at 8:51, "Castle, Shane" <scastle () bouldercounty org> wrote:

> I have a script for use with the "service" command (and "chkconfig") in
> RHEL5. I'm not familiar with Debian; dunno if it'd transport well. Also
> it's customized for two sensors on one box (must start multiple snort
> instances). I can post on the list or send it if you like.
>
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
> GSEC GCIH
> 303-441-3953
>
> -----Original Message-----
> From: Christopher A. Libby [mailto:clibby () mainepublicservice com] 
> Sent: Friday, August 27, 2010 09:38
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snorby SBSA
>
> I've been using the Snorby SBSA for a few days now, and I must say I
> really like the interface and the easy setup.  I do have a few issues
> that I'd like to manually resolve if anyone has any suggestions.
>
> First, I'd like to be able to utilized SO rules but Oinkmaster doesn't
> handle them.  I've looked at Pulled Pork on a previous incarnation of
> this machine but I wasn't very successful in getting it to work with
> both VRT and ET rules.  Any suggestions on what else I could use?
>
> Second, the snort init script simply starts snort - it doesn't allow for
> start/stop/restart.  I'd like to just restart snort to reload the rules,
> but one process gets stuck (no permission to the PID file) so I have to
> reboot the server.  Does anyone have a good Debian init script for
> snort?
>
> Thanks! - Chris
>
> ------------------------------------------------------------------------
> ------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users
>
> worldwide. Take advantage of special opportunities to increase revenue
> and 
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users 
> worldwide. Take advantage of special opportunities to increase revenue and 
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users