[Snort-users] Pulled Pork

Peter Bates peter.bates at ...15381...
Tue Oct 30 05:14:14 EDT 2012

Hash: SHA1

Hello all

On 30/10/2012 08:49, k vijay sai prashanth wrote:
> So basically there is a 30 day trial during which you can only update the
> rules once 15 minutes? Isn't that a reasonable enough amount of time? How
> much is small amount that you are referring to? I wanted to install
> PulledPork for the IDS installed for my organization. Is this an annual
> amount?

You might be best looking at:

In a nutshell - you can register for an account on snort.org, get an 'oinkcode'
and then download the rules for free - but they will be 30 days behind.

The paid subscription gives you access to the rules when they are released.
> Also about installing a front-end for my snort. What is the ideal
> database architecture when dealing with multiple sensors. Does each sensor
> have its own database or do all the sensors log events to a common database
> server on which the front-end software [like snorby or aanval] is installed
> or is there any other way this is implemented.

The latter makes more sense - have Snort write unified2 logfiles, then use Barnyard2
to write to your database.
It's important to set unique values for your sensors - if they're on different hosts
then the hostname will be used but if you have multiple instances running on the same host
you probably need to look at the -i option for Barnyard2.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/


More information about the Snort-users mailing list