Snort mailing list archives
Re: Pulled Pork
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 30 Oct 2012 09:14:14 +0000
Hello all

On 30/10/2012 08:49, k vijay sai prashanth wrote:
> So basically there is a 30 day trial during which you can only update the rules once every 15 minutes? Isn't that a reasonable enough amount of time? How much is the small amount that you are referring to? I wanted to install PulledPork for the IDS installed for my organization. Is this an annual amount?
You might be best looking at: http://www.snort.org/vrt/buy-a-subscription

In a nutshell - you can register for an account on snort.org, get an 'oinkcode' and then download the rules for free - but they will be 30 days behind. The paid subscription gives you access to the rules when they are released.
> Also, about installing a front-end for my Snort: what is the ideal database architecture when dealing with multiple sensors? Does each sensor have its own database, or do all the sensors log events to a common database server on which the front-end software [like snorby or aanval] is installed, or is there any other way this is implemented?
The latter makes more sense - have Snort write unified2 logfiles, then use Barnyard2 to write to your database. It's important to set unique values for your sensors - if they're on different hosts then the hostname will be used but if you have multiple instances running on the same host you probably need to look at the -i option for Barnyard2.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
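The point in the reply above about unique sensor values, as an added example that is not part of the original message or of Barnyard2 itself: a pre-deployment check that flags Barnyard2 instances which would report to the shared database under the same identity. It assumes the identity is the pair (hostname, value of `-i`); the inventory, hostnames and paths are constructed.

```python
import shlex
from collections import defaultdict

# Constructed inventory: one (hostname, barnyard2 command line) per running instance.
INVENTORY = [
    # Single instance on its own host: the hostname alone distinguishes it.
    ("sensor-a", "barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2"),
    # Two instances on one host, separated with -i as the reply suggests.
    ("sensor-b", "barnyard2 -c /etc/snort/by2-eth1.conf -d /var/log/snort/eth1 -f snort.u2 -i eth1"),
    ("sensor-b", "barnyard2 -c /etc/snort/by2-eth2.conf -d /var/log/snort/eth2 -f snort.u2 -i eth2"),
    # Two instances on one host with no -i: both would look like the same sensor.
    ("sensor-c", "barnyard2 -c /etc/snort/by2-dmz.conf -d /var/log/snort/dmz -f snort.u2"),
    ("sensor-c", "barnyard2 -c /etc/snort/by2-lan.conf -d /var/log/snort/lan -f snort.u2"),
]


def interface_of(cmdline):
    """Return the value passed with -i, or None when the option is absent."""
    tokens = shlex.split(cmdline)
    for pos, tok in enumerate(tokens):
        if tok == "-i" and pos + 1 < len(tokens):
            return tokens[pos + 1]
    return None


def sensor_collisions(inventory):
    """Group instances by (hostname, interface); return identities used more than once."""
    seen = defaultdict(list)
    for host, cmdline in inventory:
        seen[(host, interface_of(cmdline))].append(cmdline)
    return {ident: cmds for ident, cmds in seen.items() if len(cmds) > 1}


if __name__ == "__main__":
    for (host, iface), cmds in sorted(sensor_collisions(INVENTORY).items(), key=str):
        print(f"{host} (interface={iface}): {len(cmds)} instances share one identity")
        for cmd in cmds:
            print(f"    {cmd}")
```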