Suricata - Feature #590: document pulledpork for rule updates
Open Information Security Foundation, https://redmine.openinfosecfoundation.org/
https://redmine.openinfosecfoundation.org/issues/590?journal_id=5324 | 2015-06-17T08:20:13Z | Andreas Moe (moe.andreas@gmail.com)
<p>Thinking that maybe this falls a bit outside the scope of the Suricata docs? Using Suricata will be the same regardless of what rule management framework a person uses.</p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=5331 | 2015-06-17T12:27:24Z | Victor Julien (victor@inliniac.net)
<p>I think it's a critical step for most users to use a rule manager, with generally a few Suricata-specific aspects. So it would make sense for us to document it, and also to recommend it to users.</p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=5853 | 2015-12-22T16:09:37Z | Andreas Herz (oisf@herzandreas.de)
<ul><li><strong>Assignee</strong> set to <i>Andreas Herz</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=6255 | 2016-02-07T16:43:59Z | Andreas Herz (oisf@herzandreas.de)
<p>Does anyone have a working pulledpork.conf for Suricata and ETOpen?</p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=6266 | 2016-02-08T16:41:38Z | Andreas Herz (oisf@herzandreas.de)
<ul><li><strong>Assignee</strong> changed from <i>Andreas Herz</i> to <i>Anonymous</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=8433 | 2017-07-03T04:21:28Z | Fanny Dwargee
<p>Hi,</p>
<p>there's just one thing that Pulledpork currently lacks for Suricata and that's the signal compatibility (Snort uses SIGHUP for reloading its rules and it's hardcoded into the Pulledpork code).</p>
<p>That GitHub PR <a class="external" href="https://github.com/shirkdog/pulledpork/pull/274">https://github.com/shirkdog/pulledpork/pull/274</a> provides full support for Suricata signal compatibility but I'm afraid the Pulledpork guy is a bit lazy accepting PRs. :)</p>
<p>I myself use the current version of Pulledpork with the aforementioned patch and it works like a charm, so, in the end the key points are just changing (apart from the common options for the rules) the pid_path and the snort version in the pulledpork.conf file this way:<br /><code>pid_path=/usr/local/var/run/suricata.pid<br />snort_version=suricata-4.0</code></p>
<p>Hope that helps</p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=8434 | 2017-07-03T04:25:55Z | Fanny Dwargee
<p>Forgot to mention how to run Pulledpork with the above patch:<br /><code><br />pulledpork.pl -H SIGUSR2 -c /usr/local/etc/pulledpork/pulledpork.conf -E -T<br /></code></p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=9811 | 2018-06-12T17:48:54Z | Jason Ish (jason.ish@oisf.net)
<ul><li><strong>Effort</strong> set to <i>low</i></li><li><strong>Difficulty</strong> set to <i>low</i></li></ul>
<p>I'd like to suggest closing this ticket. I think it should be up to Pulled Pork to document using it for Suricata. I'd suggest the same for Oinkmaster, but for historical reasons maybe it should stay. However, once Suricata-Update is bundled, maybe we should remove Oinkmaster documentation as well.</p>
https://redmine.openinfosecfoundation.org/issues/590?journal_id=10384 | 2018-11-04T09:39:04Z | Victor Julien (victor@inliniac.net)
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Effort</strong> deleted (<del><i>low</i></del>)</li><li><strong>Difficulty</strong> deleted (<del><i>low</i></del>)</li></ul>
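<p>Added example, not part of the thread or of Pulledpork: a shell helper for the reload step discussed above. It reads pid_path from pulledpork.conf, checks that the pid file points at a live suricata binary, and only then sends SIGUSR2, so a stale pid file cannot cause an unrelated process to be signalled. Function names are this example's own; it assumes a single pid_path value and either a Linux /proc or a POSIX ps.</p>

```sh
#!/bin/sh
# Added example; function names are this example's own, not Pulledpork's.

# Print pid_path from a pulledpork.conf-style file (key=value, '#' comments).
conf_pid_path() {
    [ -r "$1" ] || return 1
    value=$(sed -n 's/^[[:space:]]*pid_path[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Print the PID from a pid file only if it is a plain integer greater than 1
# (0 would signal the caller's whole process group, 1 is init).
read_pid() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '\r')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

# Print the basename of the executable behind a PID. /proc/PID/exe is used
# rather than comm, which holds a thread name the daemon is free to change.
pid_exe_name() {
    exe=$(readlink "/proc/$1/exe" 2>/dev/null) || exe=
    if [ -z "$exe" ]; then
        exe=$(ps -p "$1" -o args= 2>/dev/null | awk '{print $1; exit}')
    fi
    [ -n "$exe" ] || return 1
    basename -- "${exe% (deleted)}"
}

# Send SIGUSR2 only when the pid file really points at a running suricata.
reload_suricata_rules() {
    pidfile=$(conf_pid_path "$1") || { echo "no pid_path in $1" >&2; return 1; }
    pid=$(read_pid "$pidfile") || { echo "unusable pid file $pidfile" >&2; return 1; }
    if [ "$(pid_exe_name "$pid")" != "suricata" ]; then
        echo "pid $pid is not a suricata process, not signalling" >&2
        return 1
    fi
    kill -s USR2 "$pid"
}

# Usage (config path as quoted in the thread):
#   reload_suricata_rules /usr/local/etc/pulledpork/pulledpork.conf
```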