Snort mailing list archives
Re: Duplicate rules & rule parser
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 22 Oct 2013 15:57:21 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 22/10/2013 15:32, Anshuman Anil Deshmukh wrote:
Request you to kindly let me know the correct URL's for each of my rule URL. Also shouldn't I put the snort version in the config?
It's worth pointing out that the pulledpork.conf that comes from the site has default values included which are commented out - *because* they don't necessarily need changing. See for example: # This defines the version of snort that you are using, for use ONLY if the # proper snort binary is not on the system that you are fetching the rules with As for the rule URLs, you want: rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules .tar.gz|Community And for ET: rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open Any other options should be commented out unless you're using the IP Reputation options. - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSZpJRAAoJELhVoVpEMS6RFoIIAIkdOt6TXd2ai8e6c9YJptah 7823FC6qaA/vK+/eOolK4xaY+D73N1wLydmxhQoTsTN/pXLkGQ1nWOZK/g+xTeXs d50LRPKd/a07n8/o+hOssnHNdCQmGSn/89r/P1ThX9BpQIA1i2nQYBW5aRtTbvEU 8HScmX7RGpBjecd3kwdIZSx1JaUPG6TOforK1zb6d7RNG/7keDoP3dA8RicfZB2s 31Vaq5sAFBhuzHIUiCTP58rhQr6+b+azLA3+O1Lj7vF8zozRgy3fIsC+TDO5CM7J EML4xQp7dfV4hRlp2cugbT4OwTcJoHhF7wSMXzLZizldRVN2OM3U5xcc6Tezvu0= =zuEE -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
- Re: Duplicate rules & rule parser JJ Cummings (Oct 22)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
- Re: Duplicate rules & rule parser Joel Esler (Oct 22)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
- Re: Duplicate rules & rule parser Peter Bates (Oct 22)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
- Re: Duplicate rules & rule parser Peter Bates (Oct 22)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
- Re: Duplicate rules & rule parser JJ Cummings (Oct 23)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 24)
- Re: Duplicate rules & rule parser Joel Esler (Oct 25)
- Re: Duplicate rules & rule parser JJC (Oct 25)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 26)
- Re: Duplicate rules & rule parser Eric G (Oct 26)
- Re: Duplicate rules & rule parser Joel Esler (Oct 26)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 27)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 22)
- Re: Duplicate rules & rule parser JJ Cummings (Oct 22)