[Snort-users] Testing Snort

Josh Bitto jbitto at ...16055...
Wed Jan 30 16:34:31 EST 2013

Yeah, I see that my rules are out of date....when I try updating them from the command line I get a forbidden message.....I'm using pfSense so I guess the GUI update option doesn't work.

This is what I type to get the forbidden message

fetch http://www.snort.org/pub-bin/oinkmaster.cgi/5[oinkCode]/snortrules-snapshot-2930.tar.gz

From: Joel Esler [mailto:jesler at ...1935...]
Sent: Wednesday, January 30, 2013 12:52 PM
To: Josh Bitto
Cc: Jeremy Hoel; Snort Users
Subject: Re: [Snort-users] Testing Snort

On Jan 30, 2013, at 3:44 PM, Josh Bitto <jbitto at ...16055...> wrote:

1. The rules update....I obtained the oinkmaster code and put it in. It has the option to update at a certain time, every 12 hours for example.....Does it automatically do that or do I have to buy a subscription for that to actually work? I know the definitions will be 30 days old for just a regular registered user, but still.

You'd probably want to cron it.

2. Back to the rules search....ok I searched a couple of SID numbers and it came back as "this rule as been deprecated and placed into deleted.rules"
Should I suppress that or are my definitions outdated?

Your definitions may be outdated. When we delete a rule, it's usually because it's no longer useful or it's been replaced by better detection.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager