[Snort-users] Why PulledPork over Oinkmaster
jesler at ...1935...
Wed Sep 26 13:21:08 EDT 2012
All on the blog:
On Sep 26, 2012, at 1:20 PM, Michael Steele <michaels at ...9077...> wrote:
> Is there anything written up on why we should be using PulledPork over
> Oinkmaster, or over manually updating?
> There may be something on the blog about this? All this should be fairly
> easy for JJ to place on the blog, if it's not there?
> Kindest regards,
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Wednesday, September 26, 2012 12:29 PM
> To: AllowOverride
> Cc: snort-users
> Subject: Re: [Snort-users] Barnyard2 - v2-1.10 is released
> Oinkmaster and barnyard are two different things.
> Oinkmaster updates rules. Barnyard2 processes Snort's output.
> On Sep 26, 2012, at 12:26 PM, AllowOverride <allowoverride at ...11827...> wrote:
>> Hello Firnsy folks,
>> quick question: it's been interesting to exactly how interact barnyard
>> interacts with snort, and curious why it was chosen over oinkmaster as
>> the preferred method. I have noticed that usually if a product is
>> incorporated with another, they would have a basic config file that
>> mirrors the file paths, rather than it be say manually configed inside
>> the conf, or in commandline options when run. So, I wonder if you
>> could pass this to the devs and ask if they can try to make it Easier
>> to install with the snort source attained from snort.org. I mean, they
>> state its preferred now over oinkmaster, however, it its not a
>> seemless install. yes I understand linux/unix FS but for it to be much
>> quicker and easier to install with snort would be great! meaning,
>> paths match the same as the snort-184.108.40.206 for example version.
>> also, there is the same issue with pulledpork. paths are all over the
>> place. both snort, and PP, and yes Barnyard2-firnsy the paths can be
>> cumbersome to finagle for first or even 2nd time users.
>> just a heads up, it's not simple and takes days especially when trying
>> to auto script snort, PP, and BY to all work together.
>> pass this on to a friend, thanks, pete
More information about the Snort-users