[Snort-users] Rule Update Issue

JJ Cummings cummingsj at ...11827...
Tue May 12 10:54:17 EDT 2009


Just what Jeff said but I have included the links to some tools that may
assist you.

Depending on your needs, there are a few tools out there that will handle
this automatically (if scheduled in chron or as a scheduled task)  Of course
I have not personally tried either on windows, but assuming that you have a
perl interpreter running properly and the apt libs should be just fine.

Oinkmaster: http://oinkmaster.sourceforge.net/
Baconator: http://code.google.com/p/baconator/

JJC

On Tue, May 12, 2009 at 8:29 AM, Jeff Dell <jdell at ...1095...> wrote:

> IDS Policy Manager does not auto-update rules. You will need to update them
> manually.
>
> Cheers,
> Jeff
>
> -----Original Message-----
> From: sachin kokcha [mailto:sachin.kokcha at ...14479...]
> Sent: Tuesday, May 12, 2009 9:21 AM
> To: snort-users at lists.sourceforge.net
> Cc: Ramamohan Vatyam
> Subject: [Snort-users] Rule Update Issue
>
> Dear Snort Gurus',
>
> The problem we are facing is like we till date not getting automatic
> updates of the rules on our Snort IDS Box. Most of the time we perform
> update  task manually only.
>
> Our Configuration :
> OS : *Windows Server 2003*
> Snort Version : *2_8_3_1_Installer*
> IDS Policy Manager Version :* 2.2*
>
>
> Policy Manager Setting Misc' Settings:
> Oink Code :*451f07091a2ca19772f322800ca1351fcef7e12a*
> Check for updates :*Weekly*
> Backup Database  :*Weekly*
> Policy Cache Timeout :*24 Hours *
> Remove Old Rule : *Check box checked*
> Proxy setting also properly configured in IDS Policy Manager.
>
> Can somebody help us on this issue.
>
> Thanks in advance
> Sachin Kokcha
> "Confidentiality Warning: This message and any attachments are intended
> only
> for the use of the intended recipient(s).
> are confidential. and may be privileged. If you are not the intended
> recipient. you are hereby notified that any
> review. re-transmission. conversion to hard copy. copying. circulation or
> other use of this message and any attachments is
> strictly prohibited. If you are not the intended recipient. please notify
> the sender immediately by return email.
> and delete this message and any attachments from your system.
>
> Virus Warning: Although the company has taken reasonable precautions to
> ensure no viruses are present in this email.
> The company cannot accept responsibility for any loss or damage arising
> from
> the use of this email or attachment."
>
>
>
> ----------------------------------------------------------------------------
> --
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
> i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
> i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090512/4d070c4c/attachment.html>


More information about the Snort-users mailing list