Snort mailing list archives

Re: Snort / Pulled Pork Confusion


From: Peter Bates <peter.bates () ucl ac uk>
Date: Fri, 5 Oct 2012 08:57:28 +0100

On 05/10/2012 07:38, AllowOverride wrote:
> np, yes it's interesting how barnyard2 is being promoted more than
> oinkmaster. I mean I had to fudge the url from pulledpork.conf to get
> the url to work, prolly losing functionality as I commented out a url or
> two to get it to pull rules. bottom line, it's bar time devs, and agree
> on something for all these programs to work in tandem with ease not all
> this stress. maybe that's the intended purpose.. forcing turnkey
> solutions. I'm not one for it all, I will get it to work, but I feel
> sorry for the linux/unix noob to make it all work.

I presume you mean 'pulledpork is being promoted more than oinkmaster'?

The noob should probably be going for SecurityOnion/smooth-sec/redborder.

Learning how all the individual bits go together (Snort, output processor,
rule manager) is just that - learning.

You could argue that Snort could have retained its database plugin and bundled
a rule manager - but you can also see the logic behind them making things modular.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net