[Snort-users] When Upgrading Breaks Auto Rule Management

Eoin Miller eoin.miller at ...14586...
Thu Apr 28 14:22:30 EDT 2011


On 4/28/2011 6:13 PM, Jason Wallace wrote:
> Isn't this what "snortrules-snapshot-edge.tar.gz" is suppose to
> handle? I thought "edge" would give you the most recent version of the
> rules you have access to and it would automatically determined
> registered user vs. subscription user based on the oink code you give
> it?
>
> rule_url=https://www.snort.org/sub-rules/|snortrules-snapshot-edge.tar.gz|<oinkcode>
>
>
> thx,
> Wally
That doesn't work with pulledpork at least, it still appends the 
detected version of the locally installed Snort binary to the URI. 
Probably good for a feature request for PP to be able to starting using 
snort-edge.

JJ, does that sound like a good idea (using snort-edge) to help users 
get around the issue of registered users upgrading Snort before a 
registered rulepack is available for them due to the 30 day lag of rules 
from subscriber to registered user?

-- Eoin




More information about the Snort-users mailing list