[Snort-users] Snorby SBSA

JJ Cummings cummingsj at ...11827...
Fri Aug 27 12:59:51 EDT 2010


As a side note, when you are running SO rules and update them, you must stop the pid and start again; a HUP will not correctly reload the binary rules.

Sent from the iRoad

On Aug 27, 2010, at 8:51, "Castle, Shane" <scastle at ...14946...> wrote:

> I have a script for use with the "service" command (and "chkconfig") in
> RHEL5. I'm not familiar with Debian; dunno if it'd transport well. Also
> it's customized for two sensors on one box (must start multiple snort
> instances). I can post on the list or send it if you like.
> 
> --
> Shane Castle
> Data Security Mgr, Boulder County IT
> GSEC GCIH
> 303-441-3953
> 
> -----Original Message-----
> From: Christopher A. Libby [mailto:clibby at ...14973...] 
> Sent: Friday, August 27, 2010 09:38
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snorby SBSA
> 
> I've been using the Snorby SBSA for a few days now, and I must say I
> really like the interface and the easy setup.  I do have a few issues
> that I'd like to manually resolve if anyone has any suggestions.
> 
> First, I'd like to be able to utilize SO rules but Oinkmaster doesn't
> handle them.  I've looked at Pulled Pork on a previous incarnation of
> this machine but I wasn't very successful in getting it to work with
> both VRT and ET rules.  Any suggestions on what else I could use?
> 
> Second, the snort init script simply starts snort - it doesn't allow for
> start/stop/restart.  I'd like to just restart snort to reload the rules,
> but one process gets stuck (no permission to the PID file) so I have to
> reboot the server.  Does anyone have a good Debian init script for
> snort?
> 
> Thanks! - Chris
> 
> ------------------------------------------------------------------------
> ------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users
> 
> worldwide. Take advantage of special opportunities to increase revenue
> and 
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
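
The full stop-then-start discussed in this thread (needed after an SO rule update, and the missing restart action in the init script), as an added example that is not part of the original posts. The `PIDFILE` path and the `SNORT_START` command line are assumptions to adjust per sensor; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: restart a Snort instance with a real stop/start, not SIGHUP.
# Assumptions: PIDFILE location and SNORT_START command line; adjust per sensor.
PIDFILE="${PIDFILE:-/var/run/snort_eth0.pid}"
SNORT_START="${SNORT_START:-/usr/sbin/snort -D -c /etc/snort/snort.conf -i eth0}"

# Succeeds only if pidfile $1 holds a numeric PID of a live process.
pid_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# Stop the process named in pidfile $1: TERM, wait up to $2 seconds, then KILL.
# Removes the pidfile afterwards so a stale one cannot block the next start.
stop_instance() {
    pidfile=$1; timeout=${2:-10}
    if pid_alive "$pidfile"; then
        pid=$(cat "$pidfile")
        kill -TERM "$pid" 2>/dev/null
        waited=0
        while kill -0 "$pid" 2>/dev/null && [ "$waited" -lt "$timeout" ]; do
            sleep 1; waited=$((waited + 1))
        done
        if kill -0 "$pid" 2>/dev/null; then
            kill -KILL "$pid" 2>/dev/null
            sleep 1
        fi
        # Still running: report failure so a second copy is never started.
        if kill -0 "$pid" 2>/dev/null; then return 1; fi
    fi
    rm -f "$pidfile"
}

# Full restart: the old process must be gone before the new one loads rules.
restart_instance() {
    stop_instance "$PIDFILE" 10 || { echo "snort still running" >&2; return 1; }
    $SNORT_START   # unquoted on purpose so the command line word-splits
}

case "${1:-}" in
    stop)    stop_instance "$PIDFILE" 10 ;;
    restart) restart_instance ;;
esac
```

Run it as a user allowed to signal the Snort process and to write the pidfile directory; for several instances on one box, call `stop_instance` once per pidfile.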



