<div dir="ltr"><div>Hey guys,</div><div><br></div>We use <a href="http://www.ansible.com/home">Ansible</a> for our deployment and rule management with Suricata, and it has proved excellent for our needs.<div><br></div><div>one of my Co-Op students wrote a blog post on how you can use Ansible to deploy the same configuration and customized rules to a bunch of IDS hosts, simply by adding the hosts to the Ansible inventory.</div><div><br></div><div><a href="http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/">http://code.hootsuite.com/bots-bots-bots-which-are-good-which-are-bad/</a><br></div><div><br></div><div>Checkout the link, and fee free to email me if you would like help with using Ansible to manage Suricata deploys + config files.</div><div><br></div><div>Jake.</div><div><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div></div></div></div></div>
<br><div class="gmail_quote">On Thu, Jun 11, 2015 at 9:37 AM, Alan Wanderley dos Santos <span dir="ltr"><<a href="mailto:alan.santos@rnp.br" target="_blank">alan.santos@rnp.br</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:Andale Mono;font-size:12pt;color:#000000"><div>Hi,</div><div><br></div><div>If tha configs will be the same for all instances, i think that puppet work's fine for this. Other option is de CFEngine.</div><div><br></div><div>In our project, i'm bulding my own scripts to do the automatic updates on suricatas file's conf.<br></div><div><br></div><div>We choose that way because we have some particulars configs on each suricata instance.<br></div><div><br></div><div>PS: sorry for my english mistakes.</div><div><br></div><div>Regards,</div><div><br></div><div>-----------------------------------------------<br></div><div>Alan Santos<br>Analista de Segurança<br>Centro de Atendimento a Incidentes de Segurança (CAIS)<br>Rede Nacional de Ensino e Pesquisa (RNP)<br>(19) 3787-3314 | <a href="mailto:alan.santos@rnp.br" target="_blank">alan.santos@rnp.br</a></div><div><br></div><hr><div><b>De: </b>"Saxena, Samiksha" <<a href="mailto:samiksha.saxena@verizon.com" target="_blank">samiksha.saxena@verizon.com</a>><br><b>Para: </b><a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a><br><b>Enviadas: </b>Quinta-feira, 11 de junho de 2015 12:32:47<br><b>Assunto: </b>[Oisf-users] Automate Suricata.yaml file settings<br></div><div><br></div><div><div>Hi,</div><br><div>I have multiple suricata instances running on different servers. Is there a way I can automate the suricata configuration on all the servers at once? Also, how can I apply the same configuration on all suricata instances?</div><br><div>Thanks</div><br> <br>_______________________________________________<br>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" target="_blank">http://oisfevents.net</a><br></div></div></div><br>_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" rel="noreferrer" target="_blank">http://oisfevents.net</a><br></blockquote></div><br></div></div>