snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Rule Update Issue

Re: [Snort-users] Rule Update Issue

From: JJ Cummings <cummingsj_at_nospam>
Date: Tue May 12 2009 - 14:54:17 GMT
To: Jeff Dell <jdell@activeworx.com>


Just what Jeff said but I have included the links to some tools that may assist you.

Depending on your needs, there are a few tools out there that will handle this automatically (if scheduled in chron or as a scheduled task) Of course I have not personally tried either on windows, but assuming that you have a perl interpreter running properly and the apt libs should be just fine.

Oinkmaster: http://oinkmaster.sourceforge.net/ Baconator: http://code.google.com/p/baconator/

JJC On Tue, May 12, 2009 at 8:29 AM, Jeff Dell <jdell@activeworx.com> wrote:

> IDS Policy Manager does not auto-update rules. You will need to update them
> manually.
>
> Cheers,
> Jeff
>
> -----Original Message-----
> From: sachin kokcha [mailto:sachin.kokcha@ril.com]
> Sent: Tuesday, May 12, 2009 9:21 AM
> To: snort-users@lists.sourceforge.net
> Cc: Ramamohan Vatyam
> Subject: [Snort-users] Rule Update Issue
>
> Dear Snort Gurus',
>
> The problem we are facing is like we till date not getting automatic
> updates of the rules on our Snort IDS Box. Most of the time we perform
> update task manually only.
>
> Our Configuration :
> OS : *Windows Server 2003*
> Snort Version : *2_8_3_1_Installer*
> IDS Policy Manager Version :* 2.2*
>
>
> Policy Manager Setting Misc' Settings:
> Oink Code :*451f07091a2ca19772f322800ca1351fcef7e12a*
> Check for updates :*Weekly*
> Backup Database :*Weekly*
> Policy Cache Timeout :*24 Hours *
> Remove Old Rule : *Check box checked*
> Proxy setting also properly configured in IDS Policy Manager.
>
> Can somebody help us on this issue.
>
> Thanks in advance
> Sachin Kokcha
> "Confidentiality Warning: This message and any attachments are intended
> only
> for the use of the intended recipient(s).
> are confidential. and may be privileged. If you are not the intended
> recipient. you are hereby notified that any
> review. re-transmission. conversion to hard copy. copying. circulation or
> other use of this message and any attachments is
> strictly prohibited. If you are not the intended recipient. please notify
> the sender immediately by return email.
> and delete this message and any attachments from your system.
>
> Virus Warning: Although the company has taken reasonable precautions to
> ensure no viruses are present in this email.
> The company cannot accept responsibility for any loss or damage arising
> from
> the use of this email or attachment."
>
>
>
> ----------------------------------------------------------------------------
> --
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
> i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
> i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com



Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users