[Snort-users] Snorby SBSA

Christopher A. Libby clibby at ...14973...
Fri Aug 27 11:37:51 EDT 2010


I've been using the Snorby SBSA for a few days now, and I must say I really like the interface and the easy setup.  I do have a few issues that I'd like to manually resolve if anyone has any suggestions.

First, I'd like to be able to utilized SO rules but Oinkmaster doesn't handle them.  I've looked at Pulled Pork on a previous incarnation of this machine but I wasn't very successful in getting it to work with both VRT and ET rules.  Any suggestions on what else I could use?

Second, the snort init script simply starts snort - it doesn't allow for start/stop/restart.  I'd like to just restart snort to reload the rules, but one process gets stuck (no permission to the PID file) so I have to reboot the server.  Does anyone have a good Debian init script for snort?

Thanks! - Chris




More information about the Snort-users mailing list