[Snort-users] Pulled Pork

Peter Bates peter.bates at ...15381...
Tue Oct 30 05:14:14 EDT 2012


Hello all

On 30/10/2012 08:49, k vijay sai prashanth wrote:
> So basically there is a 30 day trial during which you can only update the
> rules once every 15 minutes? Isn't that a reasonable enough amount of time? How
> much is the small amount that you are referring to? I wanted to install
> PulledPork for the IDS installed for my organization. Is this an annual
> amount?

You might be best looking at:
http://www.snort.org/vrt/buy-a-subscription

In a nutshell - you can register for an account on snort.org, get an 'oinkcode'
and then download the rules for free - but they will be 30 days behind.

The paid subscription gives you access to the rules when they are released.
 
> Also about installing a front-end for my snort. What is the ideal
> database architecture when dealing with multiple sensors? Does each sensor
> have its own database or do all the sensors log events to a common database
> server on which the front-end software [like snorby or aanval] is installed
> or is there any other way this is implemented?

The latter makes more sense - have Snort write unified2 logfiles, then use Barnyard2
to write to your database.
It's important to set unique values for your sensors - if they're on different hosts
then the hostname will be used but if you have multiple instances running on the same host
you probably need to look at the -i option for Barnyard2.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT