[Snort-devel] please use gzip versions

Max Vision vision at ...195...
Fri Apr 20 20:28:14 EDT 2001


Hello,

If you are using a script that automatically downloads vision.conf or
vision.rules, please update it to instead download the gzip versions:

 http://whitehats.com/ids/vision.conf.gz
 http://whitehats.com/ids/vision.rules.gz

I should have been using compression from the start; it would save about a
gig of bandwidth per month.  The old vision.conf and vision.rules files
will be left in place for a few days, but will soon be replaced by short
notes pointing to the new locations.

When changing your scripts, you might also consider using PerlIO::gzip.
To install it, try:
  perl -MCPAN -e shell;
  install PerlIO::gzip
then just add "use PerlIO::gzip;" at the start of your Perl program, and
append ":gzip" to file operations, like:
  open FOO, "<:gzip", "file.gz" or die $!;

It should be simple to patch download scripts to meet the new format.  The
following is an example patch (for arachnids_upd.pl 0.1 by Andreas Ostling
available at http://www.algonet.se/~nitzer/arachnids_upd/).

--- arachnids_upd.pl    Fri Apr 20 16:47:28 2001
+++ arachnids_upd-new.pl        Fri Apr 20 16:55:49 2001
@@ -13,9 +13,10 @@

 my $version = 'arachNIDS Snort rules updater v0.1 by Andreas Vstling, andreaso at ...386...';

-my $url         = "http://www.whitehats.com/ids/vision.rules";
+my $url         = "http://www.whitehats.com/ids/vision.rules.gz";
 my $wget         = "wget";
 my $diff         = "diff";                                     # Use "diff -u" if you prefer the unified output format.
+my $gzip         = "gzip";
 my $ignore_file  = "./arachnids.ignore";
 my $tmpfile      = "/tmp/vision.temp.$$";
 my $wget_opts    = "-nv -T 120 -O $tmpfile";
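Review bot: the context line `my $tmpfile = "/tmp/vision.temp.$$";` gives a PID-based name in /tmp, and with this patch that path is written twice (by `wget -O $tmpfile` here and by the gzip redirect in the next hunk), so a file or symlink already present at that name would be followed both times. Consider creating the file with File::Temp, or in a directory only the updater can write to, and using a separate temp file for the decompressed output so the .gz download and the plain rules never share a name.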
@@ -41,6 +42,9 @@

 print "Executing: $wget $wget_opts $url\n";
 system("$wget $wget_opts $url");                       # Execute wget command.
+
+print "Executing: cat $tempfile|$gzip -d>$tempfile\n";
+system("cat $tempfile | $gzip -d > $tempfile");

 if (-s "$tmpfile") {                                   # Make sure we received the new ruleset.
     open(NEWRULES,"$tmpfile") or die ("Could not open $tmpfile for reading: $!.\nExiting");
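Review bot: the two added lines use `$tempfile`, but the variable defined in the earlier hunk is `$tmpfile`, so as written the command does not name the downloaded file. Even with the name corrected, `cat $tmpfile | $gzip -d > $tmpfile` reads and writes the same path: the shell truncates the redirect target when it sets up the pipeline, so cat typically finds it empty, and the `-s "$tmpfile"` test that follows would then report a failed download. Decompress to a second file instead, for example `system("$gzip -dc $tmpfile > $tmpfile.out")`, check the return value of system() so a corrupt or truncated archive stops the update, and have the `-s` test and the open() read that output file.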






