[Snort-users] incremental download of snort rules

Joel Esler (jesler) jesler at ...589...
Thu Feb 23 08:08:32 EST 2017


No, but it does check to see if the package needs to be downloaded first, by checking the md5 of the file stored on your machine, vs what is on the site.  This saves a ton of bandwidth.

We even have a feature on Snort.org that randomizes the time your crontab will check Snort.org, so that not everyone is checking it at the same time:  https://www.snort.org/oinkcodes

(Yes, the majority of our traffic is at certain times a day.  It’s very interesting when our site goes from “100” concurrent users to “10,000” concurrent users, all at once, on rule download days.)



--
Joel Esler | Talos: Manager | jesler at ...589...






On Feb 23, 2017, at 7:24 AM, Nora Aron <valeparatodo at ...11827...> wrote:

Ok, sorry, I thought it just downloaded the incremental diff.

2017-02-23 12:22 GMT+00:00 Marcin Dulak <marcin.dulak at ...11827...>:
pulledpork will still download the whole rules archive file if its hash differs from the last downloaded.
snortrules-snapshot-2990.tar.gz is 46M in size.

Marcin

On Thu, Feb 23, 2017 at 1:09 PM, Nora Aron <valeparatodo at ...11827...> wrote:
Did you try PulledPork?
https://github.com/shirkdog/pulledpork




_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
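
The check discussed in this thread (compare the MD5 of the stored archive with the published one, fetch the whole archive only when they differ, and run the check at a randomized time), as an added example that is not part of the original messages and is not PulledPork's or Snort.org's code. It assumes the published value arrives as a bare hex digest or in md5sum-style "digest  filename" form; the file names and the command path /usr/local/bin/update-rules are hypothetical.

```python
import hashlib
import os
import random
import tempfile

def parse_published_md5(text):
    """Accept a bare digest or md5sum-style 'digest  filename' text."""
    fields = text.split()
    token = fields[0].lower() if fields else ""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("published value is not an MD5 hex digest")
    return token

def local_md5(path, chunk_size=1 << 20):
    """MD5 of the stored archive, read in chunks (the archive is tens of MB)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def needs_download(archive_path, published_text):
    """True when the whole archive has to be fetched again.

    MD5 is used here only to detect that the file changed; it does not
    authenticate the archive.
    """
    published = parse_published_md5(published_text)  # rejects error pages etc.
    if not os.path.isfile(archive_path):
        return True  # nothing stored yet
    return local_md5(archive_path) != published

def randomized_cron_line(command, rng=None):
    """Daily crontab entry at a random minute and hour, to spread the load."""
    rng = rng or random.Random()
    return f"{rng.randrange(60)} {rng.randrange(24)} * * * {command}"

if __name__ == "__main__":
    # Constructed sample data: a stand-in archive and two published values.
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "rules.tar.gz")
        with open(archive, "wb") as fh:
            fh.write(b"constructed sample archive bytes")
        same = hashlib.md5(b"constructed sample archive bytes").hexdigest()
        print(needs_download(archive, same + "  rules.tar.gz"))
        print(needs_download(archive, "0" * 32))
        print(randomized_cron_line("/usr/local/bin/update-rules"))
```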

