Re: Verifying Snort rules are updating?

[James Lay <jlay () slave-tothe-box net>]

On 2014-06-26 14:34, Jeff Meigs wrote:
> Hello everyone,
>
> We use to pull the rules using our own script but now we switched to
> using pulled pork. It seems the way its set up now with pulled pork 
> is
> it dumps everything into that single file.
>
> How are some of you verifying snort is running every day?
>
> We have a report that used to tell us the file dates so we knew it 
> was
> being updated. Anyone have any other methods?
>
> Thanks,
>
> JEFFREY MEIGS
>
> JUNIOR PROGRAMMER
>
> SUNWEST ECU
>
> JMEIGS () SUNWESTECU COM

I get a report every weekday:

#!/bin/bash
/usr/local/bin/pulledpork.pl -l -c 
/etc/snort/pulledpork/pulledpork.conf 2>&1 | /usr/local/bin/sendEmail -f 
mailhost.ick -t me () mydomin com -u "Pulledpork Weekday Report"

/etc/rc.d/rc.snort stop
sleep 1
/etc/rc.d/rc.snort start

James


------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!