[Oisf-users] Suricata rule deployment

Saxena, Samiksha samiksha.saxena at verizon.com
Mon Jul 13 14:34:30 UTC 2015

Thanks Cooper for the reply.
So, can I have one central server which can download all the rules every
night from the internet and push the rules to all Suricata instances?

On 7/10/15, 4:15 PM, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:

>There are lots of ways to do this, but keep in mind it breaks the
>license agreement of the vendors that provide premium signatures.  Make
>sure you are paying for a license per sensor.
>Anyways, you can easily have a cron job that keeps a local copy of the
>tar.gz file in sync and then use oinkmaster on each host to pull that
>copy as per the example in the conf file:
>> # Example to use scp to copy the rules archive from another host.
>> # Only OpenSSH is tested. See the FAQ for more information.
>> # url = scp://user@somehost.example.com:/somedir/snortrules.tar.gz
>Or, you can have a 'master' sensor and use rsync to keep all the other
>sensors in sync with it.
>-Coop
>On 7/10/2015 1:06 PM, Saxena, Samiksha wrote:
>> Hi,
>> I have a question about Suricata rules push. I am thinking of using
>> Oinkmaster to install rules. Is there a way to have a centralized server
>> to install all the rules and distribute to all the Suricata instances?
>> Thanks
>-- 
>Cooper Nelson
>Network Security Analyst
>UCSD ACT Security Team
>cnelson at ucsd.edu x41042
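
The cron-maintained local copy of the tar.gz described in the quoted reply, as an added example that is not part of the thread or of oinkmaster: a publish step for the central host that verifies a downloaded archive and swaps it into place atomically, so a sensor pulling it over scp never fetches a partial or tampered file. The function name, paths, file mode and the out-of-band SHA-256 value are assumptions; the download itself is left out.

```shell
#!/bin/sh
# Added example: publish step for a central rules mirror.
# Every path and name here is hypothetical, not taken from the thread.

# publish_rules SRC EXPECTED_SHA256 DEST
#   SRC              archive just downloaded by the nightly cron job
#   EXPECTED_SHA256  checksum obtained separately from the rule vendor
#   DEST             file the sensors fetch, e.g. /somedir/snortrules.tar.gz
# Returns 0 on publish, 2 on checksum mismatch, 3 on unusable archive.
publish_rules() {
    src=$1; want=$2; dest=$3

    # 1. Integrity: refuse anything that does not match the expected hash.
    got=$(sha256sum "$src" 2>/dev/null | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $src, keeping old copy" >&2
        return 2
    fi

    # 2. Sanity: must be a readable tar.gz that actually holds rule files,
    #    otherwise every sensor would load an empty ruleset.
    if ! tar -tzf "$src" 2>/dev/null | grep -q '\.rules$'; then
        echo "no .rules files in $src, keeping old copy" >&2
        return 3
    fi

    # 3. Atomic publish: stage in the destination directory, then rename.
    #    rename(2) on one filesystem is atomic, so a concurrent scp reads
    #    either the complete old archive or the complete new one.
    tmp=$(mktemp "$(dirname "$dest")/.rules.XXXXXX") || return 1
    if cp "$src" "$tmp" && chmod 0640 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Mode 0640 assumes the account the sensors use for scp is in the file's group; the licensing point from the reply still applies to every sensor that pulls the archive.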
