Snort mailing list archives
Oinkmaster v1.1 questions
From: Rich Adamson <radamson () routers com>
Date: Sat, 25 Dec 2004 12:50:46 -0600
I'm implementing oinkmaster for the first time on a Win32 box with snort v2.2.0, and it is updating both snort.org and bleedingsnort.com rules. But, as a newbie to oinkmaster, I've got a couple of questions... 1. There seems to be two ways to specify a url for fetching rule updates. One from the command line with the -u switch, and a second by specifing the url in the oinkmaster.conf file. Is that a correct assumption? 2. Can the oinkmaster.conf file contain both url's (eg, will both the snort.org and bleedingsnort.com rules be updated)? 3. Until I get some experience with oinkmaster, I've simply set up a shortcut on the desktop to execute the perl scripts for updating. When I'm more comfortable with the results, I'll schedule it via the equiv of a cron job. It would appear the snort.org rules for v2.2 are not actually updated on their web site on a regular basis even though their file is rebuilt daily. Is that a correct assumption? 4. What's the proper way to handle bleeding-sid-msg.map file using oinkmaster? (For now, I manually copy/pasted the contents into the etc/sid-msg.map file. I'm assuming there is a better way to handle that via oinkmaster.) TIA, Rich ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Oinkmaster v1.1 questions Rich Adamson (Dec 25)
- Re: Oinkmaster v1.1 questions Andreas Östling (Dec 27)