[Snort-users] Updating Rules using Oinkmaster

Peter Bates peter.bates at ...15381...
Tue Jan 8 04:24:53 EST 2013



Hello all

On 08/01/2013 02:45, Yayan Tri Taryana wrote:
> I want to ask about updating snort using oinkmaster.
> 
> After the rules are updated, should I restart the snort and barnyard services, or
> do snort and barnyard automatically know the new rules?

Yes, you need to restart snort and barnyard.

First though you need to recreate sid-msg.map with the new rules - there's a script 
that comes with Oinkmaster called create-sidmap.pl, which you use along the lines of:

/path/to/create-sidmap.pl /path/to/snort/rules > /path/to/sid-msg.map

for example

/usr/bin/create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map

I'd also recommend looking at PulledPork because this
does all this and more - http://code.google.com/p/pulledpork/

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
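A check for the situation discussed in the message above, added here as an example and not part of the original post or of Oinkmaster: it compares the enabled rules against sid-msg.map and reports SIDs the map is missing or still labels with an old message, which is what a map that was not regenerated after an update looks like. The function names and sample data are constructed, and the `sid || msg || reference` line layout of sid-msg.map and single-line rules are assumptions of this sketch.

```python
import re

# Constructed sample data (not from the original post): a rules file as it
# might look after an update, and a sid-msg.map generated before that update.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"EXAMPLE rule, message reworded"; content:"a"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE rule added by update"; content:"b"; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)
"""
SAMPLE_MAP = """\
# constructed sid-msg.map
1000001 || EXAMPLE rule, original message || url,example.com
"""

RULE_RE = re.compile(r"^(?:alert|log|pass|drop|reject|sdrop)\s")
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")
MSG_RE = re.compile(r'[(;]\s*msg\s*:\s*"(.*?)"\s*;')


def rule_msgs(rules_text):
    """Return {sid: msg} for enabled (uncommented) single-line rules."""
    found = {}
    for line in rules_text.splitlines():
        line = line.strip()
        sid = SID_RE.search(line)
        if RULE_RE.match(line) and sid:
            msg = MSG_RE.search(line)
            found[int(sid.group(1))] = msg.group(1) if msg else ""
    return found


def map_msgs(map_text):
    """Return {sid: msg} from 'sid || msg || reference ...' lines."""
    mapped = {}
    for line in map_text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            mapped[int(fields[0])] = fields[1]
    return mapped


def check_map(rules_text, map_text):
    """List enabled rule SIDs that the map lacks or labels differently."""
    rules, mapped = rule_msgs(rules_text), map_msgs(map_text)
    return {
        "missing": sorted(s for s in rules if s not in mapped),
        "changed": sorted(s for s in rules if s in mapped and mapped[s] != rules[s]),
    }


if __name__ == "__main__":
    print(check_map(SAMPLE_RULES, SAMPLE_MAP))
```

An empty result for both lists after running create-sidmap.pl is a reasonable gate before restarting snort and barnyard.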




