Snort mailing list archives

Re: Creating a costume Rules repository...

From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 2 Apr 2013 15:34:00 +0000

What we use.. and this works well for us:

Have one server grab the VRT/ET/local.rules and run pulledpork against
all that.  We make all the config changes on this box and do all the
testing. Then it tgzs the rules/config/bpf/etc and put them on a
websites that the rest of our sensors grab from and untar and then
restart snort and by2.  that happens about 4 times a day.

We figured that would be easier then having each box run an instance
of pullpork and then having to make the configs the same.



On Tue, Apr 2, 2013 at 2:05 PM, Cintron, Jose J. <jcintron () mitre org> wrote:

Can anyone point me to directions on how to create a custom rules repository from which my servers can download the 
rules that I want to use?


+------------------------------------------
| José J. Cintrón - jcintron () mitre org
|
| MITRE Corporation
| 7515 Colshire Drive
| Mail Stop T330
| McLean, VA  22102-7508
|
| Phone: 703.983.3040
| Fax: 703.983.1397
+------------------------------------------


------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete
for recognition, cash, and the chance to get your game on Steam.
$5K grand prize plus 10 genre and skill prizes. Submit your demo
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Creating a costume Rules repository... Cintron, Jose J. (Apr 02)
- Re: Creating a costume Rules repository... Jeremy Hoel (Apr 02)
- Re: Creating a costume Rules repository... waldo kitty (Apr 02)