[Snort-users] Checking snort rules date and Pulledpork status

Joel Esler jesler at ...1935...
Wed May 30 09:26:55 EDT 2012


On May 30, 2012, at 6:25 AM, Dheeraj Gupta wrote:

> Hi,
> Is it possible to gather the release date from the snortrules-snapshot tar file via standard tools? We use snort for distributed monitoring and need to set up a central update scheme. I thought about setting up a script that updates snort-rules (via pulledpork) only if the rule file is newer than the current ruleset. Alternatively, is there a way by which we can tell the signature release date of the current snort-signature set loaded into snort?

We publish the md5 of the ruleset.  PulledPork checks this md5 on our website against the last md5 you downloaded and if they are different, then it downloads the new rule pack.  So, your request is already taken care of.

> Also is pulledpork still under active development considering the fact that the last release (on code homepage) was over a year ago?

Yes, very much.  Pull the git master if you want the active devel version.  But yes.  JJ is building new features into it to support some of the upcoming features of Snort.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
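
The check described in the reply above (compare the published md5 with the md5 of the rule pack already downloaded, and fetch only when they differ), written out as a shell function. This is an added example, not PulledPork's code and not part of the original message; the function names, file names and exit codes are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not PulledPork code): skip the download when the published
# MD5 equals the MD5 of the rule pack already on disk.
# MD5 acts only as a change indicator here.

# Exit status: 0 = update needed, 1 = up to date, 2 = published hash unusable.
ruleset_needs_update() {
    tarball=$1 md5_file=$2
    [ -r "$md5_file" ] || return 2
    # Accept "hash" or "hash  filename"; normalise to lower case.
    want=$(awk 'NR==1 {print tolower($1)}' "$md5_file")
    printf '%s' "$want" | grep -Eq '^[0-9a-f]{32}$' || return 2
    [ -f "$tarball" ] || return 0      # nothing downloaded yet
    have=$(md5sum "$tarball" | awk '{print $1}')
    [ "$have" != "$want" ]
}

# Map the status to a word a cron wrapper can act on.
update_decision() {
    rc=0
    ruleset_needs_update "$1" "$2" || rc=$?
    case $rc in
        0) echo download ;;
        1) echo skip ;;
        *) echo error ;;
    esac
}

# Constructed sample data: a stand-in rule pack and three published .md5 files.
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/rules.tar.gz"
printf 'B1946AC92492D2347C6235B4D2611184  rules.tar.gz\n' > "$demo_dir/same.md5"
printf '00000000000000000000000000000000\n' > "$demo_dir/changed.md5"
printf '<html>404 Not Found</html>\n' > "$demo_dir/broken.md5"
for name in same changed broken; do
    printf '%s: %s\n' "$name" \
        "$(update_decision "$demo_dir/rules.tar.gz" "$demo_dir/$name.md5")"
done
rm -rf "$demo_dir"
```

The "error" result covers the case where the fetched .md5 file is an error page or empty, so a failed fetch is not mistaken for a new ruleset.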
