[Snort-users] Snorby SBSA

Joel Esler jesler at ...1935...
Fri Aug 27 11:51:12 EDT 2010


Pulledpork will handle both ET and VRT rules at the same time, plus SO. 


Sent from my iPhone

On Aug 27, 2010, at 11:37 AM, "Christopher A. Libby" <clibby at ...14973...> wrote:

> I've been using the Snorby SBSA for a few days now, and I must say I really like the interface and the easy setup.  I do have a few issues that I'd like to manually resolve if anyone has any suggestions.
> 
> First, I'd like to be able to utilized SO rules but Oinkmaster doesn't handle them.  I've looked at Pulled Pork on a previous incarnation of this machine but I wasn't very successful in getting it to work with both VRT and ET rules.  Any suggestions on what else I could use?
> 
> Second, the snort init script simply starts snort - it doesn't allow for start/stop/restart.  I'd like to just restart snort to reload the rules, but one process gets stuck (no permission to the PID file) so I have to reboot the server.  Does anyone have a good Debian init script for snort?
> 
> Thanks! - Chris
> 
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users 
> worldwide. Take advantage of special opportunities to increase revenue and 
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list