• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort raw rule downloads

IDS/IPS
2
2
776
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jeffhammett
    last edited by Jul 1, 2015, 8:03 PM

    When the pfSense Snort package downloads rule updates, does it save the raw files (either the tarball it downloads from Snort/ET, or the extracted files from those tarballs) somewhere accessible via SSH?

    I find that sometimes it's easier to grep a rule file for a specific rule to see references, etc. than it is to do so through the web gui.

    1 Reply Last reply Reply Quote 0
    • B
      bmeeks
      last edited by Jul 2, 2015, 10:57 PM

      The entire tarball is not saved (it is downloaded to and extracted in a folder under /tmp and then deleted).  However, the individual rules files (category files) extracted from the raw tarball are save here on the firewall:  /usr/pbi/snort-amd64/etc/snort/rules.  Change the amd64 to i386 if you have a 32-bit install.

      Bill

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.