Snort mailing list archives

Re: incremental download of snort rules


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 23 Feb 2017 13:08:32 +0000

No, but it does check to see if the package needs to be downloaded first, by checking the md5 of the file stored on 
your machine, vs what is on the site.  This saves a ton of bandwidth.

We even have a feature on Snort.org that randomizes the time your crontab will check 
Snort.org, so that not everyone is checking it at the same time:  https://www.snort.org/oinkcodes

(Yes, the majority of our traffic is at certain times of the day.  It’s very interesting when our site goes from “100” 
concurrent users to “10,000” concurrent users, all at once, on rule download days.)



--
Joel Esler | Talos: Manager | jesler () cisco com






On Feb 23, 2017, at 7:24 AM, Nora Aron <valeparatodo () gmail com> wrote:

Ok, sorry, I thought it just downloaded the incremental diff.

2017-02-23 12:22 GMT+00:00 Marcin Dulak <marcin.dulak () gmail com>:
pulledpork will still download the whole rules archive file if its hash differs from the last downloaded.
snortrules-snapshot-2990.tar.gz is 46M in size.

Marcin

On Thu, Feb 23, 2017 at 1:09 PM, Nora Aron <valeparatodo () gmail com> wrote:
Did you try PulledPork?
https://github.com/shirkdog/pulledpork




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
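
The check discussed in this thread (compare the MD5 of the locally stored rules archive with the digest published on the site, download only when they differ) and a randomized crontab time, as an added Python example. It is not part of the thread and is not PulledPork's or Snort.org's own code; the function names, file name, seed and the "digest  filename" text format are assumptions made for illustration.

```python
import hashlib
import random
import re
from pathlib import Path

# Assumption: the published text is a bare digest or "digest  filename".
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def file_md5(path, chunk_size=1 << 20):
    """Hex MD5 of a file, read in chunks so a large archive is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_md5(text):
    """Pull the digest out of the published text; reject anything that is not an MD5."""
    match = MD5_RE.search(text)
    if match is None:
        # Typical cause: an error page was fetched instead of the digest.
        raise ValueError("no 32-hex-digit MD5 digest in published text")
    return match.group(0).lower()


def needs_download(local_archive, published_md5_text):
    """True when the archive is missing or its MD5 differs from the published one."""
    published = parse_published_md5(published_md5_text)
    path = Path(local_archive)
    if not path.is_file():
        return True
    # MD5 serves as change detection here, not as proof of authenticity.
    return file_md5(path) != published


def cron_time_fields(seed):
    """Stable per-host minute and hour fields, so hosts do not all poll at once."""
    rng = random.Random(seed)
    return f"{rng.randrange(60)} {rng.randrange(24)} * * *"


if __name__ == "__main__":
    # Constructed sample: the MD5 of empty input stands in for a published digest.
    sample = "d41d8cd98f00b204e9800998ecf8427e  rules-archive.tar.gz\n"
    print(needs_download("rules-archive.tar.gz", sample))
    print(cron_time_fields("sensor01.example"))
```
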