[Snort-users] Managing Multiple Snort Sensors

Russell Fulton r.fulton at ...3809...
Wed Mar 31 19:43:46 EDT 2010


I have home grown perl scripts that drive oinkmaster with separate configs for each sensor (or group of sensors).  Script runs nightly and downloads rule files (if they have changed) and runs oinkmaster for each group of sensors.  It then goes through the rules & conf files for each sensor to see if anything has changed.  If it has the script scp's a tarball with the changes to the sensor and then runs a script on the sensor to unpack the tarball and restart snort.

Pain points:  Having to update oinkmaster.conf files by hand, apart from that it just works.

I know others that use configuration management systems like puppet or bfgc2 to distribute their snort rules  but that does not get around having to maintain the oinkmaster files.

Russell





More information about the Snort-users mailing list