[Snort-users] rule database

John Kiehnle john at ...1477...
Wed Mar 14 13:06:01 EST 2001

vision.rules is maintained daily at www.whitehats.com. It can be grabbed at
will to update your rules.
There are cron jobs to do this as well as a nice little C program called
ruleset-retrieve which can be found on the snort site in the downloads section.
It will update the ruleset and signal the snort daemon to restart. Good Luck


On Wed, 14 Mar 2001 11:56:06 +0100, Roeland Weve said:

>  I am working on a project to implement an IDS in our network.
>  First I had to figure out which IDS to use and where to put it in the
>  network.
>  That wasn't that difficult, I probibly use Snort with to interfaces,
>  great!
>  But now I'm having troubles with the rules database. When I will finish
>  the project, almost everything must go automaticly.
>  Two reasons: I will leave and nobody else has the time to mantain it
>  everyday.
>  I can remove the non-important rules from the database and let Snort run
>  on a machine and if there is suspicious hack attempt,
>  the machine must warn somebody that an intruder is trying to hack (I'll
>  have to implement this, somebody has any ideas on this point?).
>  How can I automatic add rules, that are important enough to warn
>  somebody, to the database?
>  I thought about it, but I think this is quite a difficult subject.
>  Thanks alot,
>  Roeland
>  _______________________________________________
>  Snort-users mailing list
>  Snort-users at lists.sourceforge.net
>  Go to this URL to change user options or unsubscribe:
>  http://lists.sourceforge.net/lists/listinfo/snort-users

John Kiehnle

--- CHAOS -Where Great Dreams Begin ---

Befor a great vision can become reality there may be difficulty. Befor a person
begins a great endeavor, they may encounter chaos.

As a new plant breaks the ground with great difficulty, foreshadowing the huge
tree, so must we sometimes push against difficulty in bringing forth our

"Out of Chaos, Brilliant Stars are Born."

I-Ching Hexagram #3

More information about the Snort-users mailing list