4. Newbie Question : How do I know I am using the Snort VRT Subscriber rules

Newbie Question : How do I know I am using the Snort VRT Subscriber rules

  • S

    Just setup pfSense, then added Snort and trying to get my head around it.

    I initially used the Snort VRT FREE Registered User rules.

    I've just paid the $29 Subscription, to get the latest rules moving forward.

    How can I tell that the Subscriber Snort rules are being used, as opposed to the Free 30 day old Registered User rules ?

    When I paid the subscription, I regenerated the oinkcode and did a rule update  … so hoping I'm getting the latest rules.

    Would be nice to be able to see & confirm what rules are being used.

    Stuart.

    0

  • If you pasted in your Oinkcode and are not getting errors, then you are getting the subscriber rules.  The Snort web site picks the rules based on the Oinkcode supplied as part of the rules download URL.  The Snort package on pfSense generates that URL for you behind the scenes using the Oinkcode you provide on the GLOBAL SETTINGS tab.

    Other than trusting that, you could manually verify by looking at the Snort VRT rule update release notes and verifying that any newly posted or modified rules show up that way on your box.  You can examine the text of individual rules on the RULES tab for an interface (only the rules from the categories you have selected will display, though).

    Bill

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy