[Snort-users] What's the correct link for registered rules?

Lay, James james.lay at ...15009...
Tue Jul 5 15:17:18 EDT 2011

Excellent…thanks for the quick assist JJ.




From: JJ Cummings [mailto:cummingsj at ...11827...] 
Sent: Tuesday, July 05, 2011 1:13 PM
To: Lay, James
Cc: <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] What's the correct link for registered rules?


Use the one that is documented in PP. As to the converter, someone should contrib and update it :-P



On Jul 5, 2011, at 11:54, "Lay, James" <james.lay at ...15009...> wrote:

	So…I’m taking the plunge from oinkmaster to pp.  I see some things though that are confusing.  From my current oinkmaster:

	http://www.snort.org/pub-bin/oinkmaster.cgi/<my-subscriber-oinkcode>/snortrules-snapshot-2905.tar.gz <http://www.snort.org/pub-bin/oinkmaster.cgi/%3cmy-subscriber-oinkcode%3e/snortrules-snapshot-2905.tar.gz> 


	from the website https://www.snort.org/snort-rules/cli:

	wget http://www.snort.org/sub-rules/snortrules-snapshot-2900.tar.gz/<oinkcode here> -O snortrules-snapshot-2900.tar.gz


	from pulledpork-0.6.1:

	rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> <https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|%3coinkcode%3e> 


	So my question…which is the one I should use for pp?  As an aside…the oink-conv.pl seems to convert to an older version of pp?  Not sure as it’s the first time I’ve used it ;)  Thanks all.



	All of the data generated in your IT infrastructure is seriously valuable.
	Why? It contains a definitive record of application performance, security 
	threats, fraudulent activity, and more. Splunk takes this data and makes 
	sense of it. IT sense. And common sense.

	Snort-users mailing list
	Snort-users at lists.sourceforge.net
	Go to this URL to change user options or unsubscribe:
	Snort-users list archive:
	Please see http://www.snort.org/docs for documentation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110705/c55d0784/attachment.html>

More information about the Snort-users mailing list