[Snort-users] Pulled Pork Question

Y M snort at ...15979...
Thu Jul 11 13:23:46 EDT 2013


If you use -n with your PulledPork, it will not download the ruleset from the Snort website; instead it will process a local ruleset (default directory is /tmp). This will generate the sid-msg.map as well as the snort.rules file, given the configuration set up in your pulledpork.conf file. Is this what you are after?

Sent from my Windows Phone
________________________________
From: Starner, Mark<mailto:mark.starner at ...5850...>
Sent: ‎7/‎11/‎2013 7:57 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Pulled Pork Question

Is there a combination of options to Pulled Pork (running 0.6.1 right now)
to only generate the sid-msg.map file?
I.e., I give it a list of rules files, or a directory holding rules files, and
all it does is generate the sid-msg.map file?

My sid-msg.map file is different on each sensor I have, because each sensor
may have local rules only on that sensor. So while I use PP to do everything
else, I generate the sid-msg.map file on the sensor itself once I push the
new rules to it.

I have been using the old create_sidmap.pl file from oinkmaster (but it
looks like it will be difficult to modify to support sid-msg.map v2).

So I would like to use PP to do this, and upgrade to the newer version that
supports v2 of the sid-msg.map file.

Thanks
Mark
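
The per-sensor map generation asked about above, as an added example that is not part of the original thread and is not PulledPork's or oinkmaster's code. It assumes the v1 sid-msg.map layout (`sid || msg || reference ...`); the function names are hypothetical, and it also reports SIDs defined in more than one file, which is the usual failure when sensor-local rules sit beside a shared ruleset.

```python
import re
from pathlib import Path

RULE_RE = re.compile(r'^(?:alert|log|pass|drop|reject|sdrop)\s')  # enabled rules only
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')


def parse_rule(line):
    """Return (sid, msg, [references]) for an enabled rule line, else None."""
    line = line.strip()
    if not RULE_RE.match(line):
        return None  # blank line, comment, or commented-out rule
    msg = MSG_RE.search(line)
    # Blank out quoted strings so content/pcre bodies cannot fake sid: or reference:
    bare = QUOTED_RE.sub('""', line)
    sid = SID_RE.search(bare)
    if not (msg and sid):
        return None
    # Undo rule-syntax escaping (\; \" \\) in the message: this example's choice.
    text = re.sub(r'\\(.)', r'\1', msg.group(1))
    return int(sid.group(1)), text, REF_RE.findall(bare)


def build_sidmap(sources):
    """sources: iterable of (file_name, file_text) pairs.
    Returns (map_lines, duplicates); the first definition of a SID wins."""
    entries, duplicates = {}, []
    for name, text in sources:
        # Join rules continued over several lines with a trailing backslash.
        for line in text.replace("\\\n", " ").splitlines():
            parsed = parse_rule(line)
            if parsed is None:
                continue
            sid, msg, refs = parsed
            if sid in entries:
                duplicates.append((sid, name))  # SID already defined by an earlier file
                continue
            entries[sid] = " || ".join([str(sid), msg, *refs])
    return [entries[s] for s in sorted(entries)], duplicates


def write_sidmap(rules_dir, out_path):
    """Write a v1 sid-msg.map for every *.rules file in rules_dir; return duplicates."""
    files = sorted(Path(rules_dir).glob("*.rules"))
    lines, dups = build_sidmap((f.name, f.read_text(errors="replace")) for f in files)
    Path(out_path).write_text("\n".join(lines) + "\n")
    return dups
```

Run `write_sidmap` on the sensor after the rules are pushed; a non-empty return value lists each colliding SID with the file that redefined it.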


