[Snort-users] Rule management

Matthias Hofherr Matthias_Hofherr at ...1344...
Wed Nov 28 00:35:08 EST 2001

Hi Jason,

On Tue, 27 Nov 2001, Jason Lewis wrote:

> Is anyone updating a master rule list and pushing updates to sensors?  I
> have tossed around different ideas for doing this and thought maybe I could
> get some feedback here.  I was thinking a directory structure that had
> folders for each sensor and rules were updated automatically via scp.
> Thoughts?

We at GeNUA are currently working on a project to manage all rules on a
Central Server in a MySQL-DB. The basic ruleset is managed in a master
table, the individual changes to the rules per sensor in another.
An additional table manages all the individual sensor configuration.
Via a web-gui (cgi.pm/DBI) it is possible to create flatfiles for each
sensor (snort.conf/*.rules/classification.config...).
The flatfiles reside in a directory structure.
With scp the rules are transferred to the sensors.
With ssh the sensors get a HUP.

We hope to publish the code in Q1 next year under GPL.
If someone is interested in discussing details and sharing ideas,
drop me an email.

Have fun,

Matthias Hofherr

 Matthias Hofherr             EMail: Matthias_Hofherr at ...4193...
 GeNUA mbH 85551 Kirchheim    Voice: +49 (89) 991950-0
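
The master-table plus per-sensor-changes layout described in the message above, as an added sketch; this is not GeNUA's code and not part of the original post. Assumptions: an in-memory sqlite3 database stands in for MySQL, and the table and column names, the sensor names, the `local.rules` file name and the sample rules are all hypothetical. The scp transfer and the HUP are not covered.

```python
import re
import sqlite3
from pathlib import Path
# Hypothetical schema; sqlite3 stands in for the MySQL database in the post.
SCHEMA = """
CREATE TABLE master_rules (sid INTEGER PRIMARY KEY, rule TEXT NOT NULL);
CREATE TABLE sensor_changes (
    sensor TEXT NOT NULL, sid INTEGER NOT NULL REFERENCES master_rules(sid),
    action TEXT NOT NULL CHECK (action IN ('disable', 'replace')), rule TEXT,
    PRIMARY KEY (sensor, sid), CHECK (action = 'disable' OR rule IS NOT NULL));
"""
# Constructed sample rules (local-use SID range), not from any real ruleset.
MASTER = [
    (1000001, 'alert tcp any any -> $HOME_NET 23 (msg:"telnet"; sid:1000001; rev:1;)'),
    (1000002, 'alert icmp any any -> $HOME_NET any (msg:"icmp"; sid:1000002; rev:1;)'),
    (1000003, 'alert tcp any any -> $HOME_NET 21 (msg:"ftp"; sid:1000003; rev:1;)'),
]
CHANGES = [
    ("dmz1", 1000002, "disable", None),
    ("dmz1", 1000003, "replace",
     'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"ftp"; sid:1000003; rev:2;)'),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO master_rules VALUES (?, ?)", MASTER)
    db.executemany("INSERT INTO sensor_changes VALUES (?, ?, ?, ?)", CHANGES)
    return db

def render_rules(db, sensor):
    """Merge the master ruleset with one sensor's changes into flat-file text."""
    rows = db.execute(
        "SELECT m.rule, c.action, c.rule FROM master_rules m LEFT JOIN sensor_changes c "
        "ON c.sid = m.sid AND c.sensor = ? ORDER BY m.sid", (sensor,))
    out = []
    for master, action, override in rows:
        if action == "disable":
            master = "# disabled: " + master  # keep the rule visible for audit
        out.append(override if action == "replace" else master)
    return "\n".join(out) + "\n"

def write_flatfile(db, sensor, root):
    if not re.fullmatch(r"[A-Za-z0-9_-]+", sensor):  # name becomes a path component
        raise ValueError("unsafe sensor name: %r" % sensor)
    path = Path(root) / sensor / "local.rules"
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(render_rules(db, sensor))
    return path
```

A sensor with no rows in `sensor_changes` receives the master ruleset unchanged, so adding a sensor requires no per-rule entries.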
