[Oisf-users] Need some help with VRT Rules, and autoupdating with oinkmaster
David Woodfall
dave at dawoodfall.net
Mon Oct 2 01:57:52 UTC 2017
Hi
I have just got started with suricata 4.0.0. I am not sure which VRT
rules I should be getting.
I grabbed snortrules-snapshot-29110.tar.gz a short while ago and
copied rules/*rules to /etc/suricata/rules, then I did a 'cat
etc/sid-msg-map >> /etc/suricata/rules/sid-msg-map'.
I restarted suricata and saw no errors, so now I guess I'm waiting for
a rule match to occur in fast.log.
I have a cron.daily job running oinkmaster for emerging rules, and I
think I'm going to have to think a bit about how to merge the
sid-msg-map with the one supplied with VRT:
The cron.daily/oinkmaster command:
/usr/sbin/oinkmaster.pl -C /etc/oinkmaster.conf -o /etc/suricata/rules
/etc/oinkmaster.conf:
url = https://rules.emergingthreats.net/open/suricata-3.2/emerging.rules.tar.gz
If anyone can give some hints/tips etc. I'd be very grateful.
Thanks
Dave
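As an added example (not from the post, oinkmaster or either rule vendor), a POSIX shell function that merges the VRT snapshot's sid-msg map with the ET one after an oinkmaster run, keeping the first definition of each SID and writing any SIDs whose message text differs between the two sources to a conflicts file. It assumes the v1 "sid || msg || ref" layout (a map whose first line is "#v2" puts the gid before the sid and is not handled here); the file names and SIDs in demo() are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the post or from oinkmaster): merge a VRT
# sid-msg.map with an ET one into a single file for Suricata's rules dir.
# Assumes the v1 layout "sid || msg || ref || ref"; earlier files win on
# duplicate SIDs, and conflicting messages are recorded in "$out.conflicts".
merge_sid_msg_map() {
    out="$1"; shift                      # remaining args: maps, highest priority first
    : > "$out.conflicts"                 # always produce the conflict report
    cat "$@" | awk -v conf="$out.conflicts" '
        /^[ \t]*#/ { next }              # comment lines
        /^[ \t]*$/ { next }              # blank lines
        {
            split($0, f, / \|\| /)       # f[1]=sid, f[2]=msg, f[3..]=refs
            sid = f[1]; gsub(/^[ \t]+|[ \t]+$/, "", sid)
            if (!(sid in msg)) { msg[sid] = f[2]; line[sid] = $0; next }
            if (msg[sid] != f[2])
                printf "%s: kept \"%s\", dropped \"%s\"\n", sid, msg[sid], f[2] > conf
        }
        END { for (s in line) print line[s] }
    ' | sort -n > "$out"
}

# Number of SIDs in a merged map (one line per SID).
count_sids() { grep -c '' "$1"; }

# Constructed sample maps (placeholder SIDs and messages, not real rules),
# so the function can be exercised without a VRT or ET download.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/vrt-sid-msg.map" <<'EOF'
# constructed VRT-style map
1000001 || VRT EXAMPLE rule one || url,example.invalid/one
1000002 || VRT EXAMPLE rule two
EOF
    cat > "$tmp/et-sid-msg.map" <<'EOF'
# constructed ET-style map
2000001 || ET EXAMPLE rule a
1000002 || ET EXAMPLE rule two, different text
EOF
    merge_sid_msg_map "$tmp/sid-msg.map" "$tmp/vrt-sid-msg.map" "$tmp/et-sid-msg.map"
    echo "$tmp"                          # caller reads $tmp/sid-msg.map
}
```

Called from the cron.daily job after oinkmaster finishes, with the VRT map first, it regenerates /etc/suricata/rules/sid-msg-map every day instead of appending to it, and the conflicts file shows which SIDs the two feeds describe differently.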