[Snort-users] update via oinkmaster

PAURON, GUILLAUME (GUILLAUME) guillaume.pauron at ...14468...
Fri Dec 9 10:55:23 EST 2011


Well, for HTTP updates I am using a proxy, and we authorized only snort.org domains :)

But it seems we are redirected to differents places, that's because you are using Amazon's cloud probably :) So my updates are blocked :(

Since we are using a whitelist I want to be sure It will only be on amazon and not somewhere else ... because it won't work on our side...

I have to open my proxy's whitelist ... another weeks of authorization here ;)


Thanks a lot

-----Message d'origine-----
De : Joel Esler [mailto:jesler at ...1935...] 
Envoyé : vendredi 9 décembre 2011 16:51
À : PAURON, GUILLAUME (GUILLAUME)
Cc : snort-users at lists.sourceforge.net
Objet : Re: [Snort-users] update via oinkmaster

On Dec 9, 2011, at 10:45 AM, PAURON, GUILLAUME (GUILLAUME) wrote:

> I want to update my sigs, not snort of course :)
> 
> I am trying to get some rules from snort.org but it seems that when I try to dl the rules I am redirected to some hosts on others domains (I told sourceforge but this was an example).
> 

Updating sigs is easy, generate your oinkcode, and place your oinkcode into your oinkmaster.conf, and go..  However, it should /never/ go to sourceforge.  Our rules are hosted on Amazon's S3 cloud. 

The only thing we have on sourceforge is for FreeBSD's port structure.  That's why I asked you if you were running FreeBSD.


> I am trying to work with "whitelists" (snort.org, etc), so this is currently not working :(
> 

What whitelist are you referring to?  

> Maybe I am mal-using oinkmaster too :)

I think we are just basically confused. 

Please explain what you are trying to do, the command you are running, the .conf file that you are using, and the output from the command.

J





More information about the Snort-users mailing list