document pulledpork for rule updates
we have it for oinkmaster: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
Updated by Fanny Dwargee about 4 years ago
There's just one thing that Pulledpork currently lacks for Suricata and that's the signal compatibility (Snort uses SIGHUP for reloading its rules and it's hardcoded into the Pulledpork code).
That GitHub PR https://github.com/shirkdog/pulledpork/pull/274 provides full support for Suricata signal compatibility, but I'm afraid the Pulledpork guy is a bit lazy accepting PRs. :)
I myself use the current version of Pulledpork with the aforementioned patch and it works like a charm, so, in the end, the key points are just changing (apart from the common options for the rules) the pid_path and the snort version in the pulledpork.conf file this way:
Hope that helps
Updated by Jason Ish over 3 years ago
- Effort set to low
- Difficulty set to low
I'd like to suggest closing this ticket. I think it should be up to Pulled Pork to document using it for Suricata. I'd suggest the same for Oinkmaster, but for historical reasons maybe it should stay. However, once Suricata-Update is bundled, maybe we should remove Oinkmaster documentation as well.