[Snort-users] Updating questions

Jason Lewis jlewis at ...1831...
Thu Apr 19 21:44:11 EDT 2001


Any chance of you posting those scripts?

I am designing a similar setup and it would probably help a lot of people on
the list.

Jason Lewis
http://www.rivalpath.com
"All you can do is manage the risks. There is no security."


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Ed Padin
Sent: Thursday, April 19, 2001 12:25 PM
To: Phil; snort users
Subject: RE: [Snort-users] Updating questions


I use lynx to snag Max Vision's arachnids file:

lynx --source http://www.whitehats.com/ids/vision.conf

I grab this using a box that has access to the Internet and distribute it to
my snort boxes throughout the 'enterprise'. I also do other stuff with
scripts:


- validate file before sending it. The last record is a 'special' record
marking the end of the file so i grep for that.

- check if snort bombs with the new file and revert to previous file, send
alerts

- periodically check snort processes and restart if dead

- archive and delete old entries /var/log/snort (soon to be changed to use
MySQL)






-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Phil
Sent: Thursday, April 19, 2001 12:02 AM
To: snort users
Subject: [Snort-users] Updating questions


I have 2 questions:
1. I have noticed a lot of people mention that their
rulesets get updated daily and automatically? Is this
througha  plug-in, a cron job? What's the most
efficient way to do this?

2. People have mentioned to me upgrading tot he
snort-daily.tar.gz. That sounds dev-ish/cvs-ish... are
these releases stable or dev releases?

Thanks,
Phil

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list