Snort mailing list archives
Re: Inputs about polman for managing rules
From: Edward Fjellskål <edwardfjellskaal () gmail com>
Date: Fri, 8 Apr 2011 15:42:53 +0200
Hi,

On Fri, Apr 8, 2011 at 11:27 AM, carlopmart <carlopmart () gmail com> wrote:
> Hi all,
>
> After some weeks of tests using pulledpork, I am not convinced. After searching for other possibilities, I have found two: oinkmaster and polman (http://www.gamelinux.org/?p=240).
>
> Oinkmaster is too old and needs some tuning to do all I need, and that causes difficulties to maintain. On the other side, Polman offers some very interesting features, but I see a problem: I need to keep two databases for different sensors (suricata and snort), hosted in shared storage accessible by two servers. Looking at the script, is it enough to modify the path in which polman searches for these databases?

I run polman on my sguil-server. I generate all the rulesets for the sensors there, and scp them to the sensors. On the sguil-server, I also have snort installed, so I can check if "snort -Tc" works before sending (scp) at least the snort rules off to the sensor (suricata has no such function yet). Then I ssh %cmd to restart the sensor.

> And any input about this tool??

Other than I wrote it for my use, and have used it without any big features missing for me since I wrote it, I have not updated it. So it has worked for me 3-4 months now. Any suggestions/bugs/features are very welcome! I have stuff on my todo list, but have not got around to implementing them yet.

e

> Thanks.
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Edward Bjarte Fjellskål
Senior Security Analyst
http://www.gamelinux.org/
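The workflow described in the reply above (test the configuration with `snort -T` on the management host, then scp the rules, then restart over ssh), sketched as an added example that is not part of the original message or of polman. The function names, sensor name, paths and restart command are assumptions.

```bash
#!/usr/bin/env bash
# Added example: only ship a ruleset to a sensor after "snort -T" accepts it.
# Sensor names, paths and the restart command are hypothetical placeholders.

# validate_rules CONF
# Runs Snort in self-test mode (-T) against CONF on the management host.
# Returns 0 if Snort accepts the configuration and the rules it includes.
validate_rules() {
    local conf="$1"
    [ -r "$conf" ] || { echo "config not readable: $conf" >&2; return 2; }
    snort -T -c "$conf" >/dev/null 2>&1
}

# deploy_rules SENSOR CONF RULES_FILE REMOTE_DIR RESTART_CMD
# CONF must include RULES_FILE so the test covers what is being shipped.
# The file is copied under a temporary name and renamed on the sensor, so a
# failed or partial copy never replaces the ruleset the sensor is running.
deploy_rules() {
    local sensor="$1" conf="$2" rules="$3" remote_dir="$4" restart_cmd="$5"
    local name
    name=$(basename "$rules")

    if ! validate_rules "$conf"; then
        echo "snort -T failed for $conf; nothing sent to $sensor" >&2
        return 1
    fi

    scp -q "$rules" "$sensor:$remote_dir/$name.new" || return 3
    # Paths are operator-supplied and assumed to contain no quote characters.
    ssh "$sensor" "mv '$remote_dir/$name.new' '$remote_dir/$name' && $restart_cmd" \
        || return 4
    echo "deployed $name to $sensor"
}

# Example call (all values are placeholders):
#   deploy_rules sensor1 /etc/snort/snort.conf /etc/snort/rules/local.rules \
#       /etc/snort/rules "/etc/init.d/snort restart"
```

Because the restart only runs after the rename succeeds, a sensor keeps its previous ruleset whenever validation, the copy or the rename fails.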
