
Add a feature to only update sid-msg.map, mainly for local rule modifications.

Open shirkdog opened this issue 9 years ago • 5 comments

From da_667 on IRC:

Quick question for ya: How would one run pulledpork to update JUST the sid-msg.map? So my use case: add local rules, update sid-msg.map, and that's it.

shirkdog avatar Sep 07 '15 18:09 shirkdog

Isn't there an option to just run locally, instead of downloading the ruleset? I want to say it's -k.

finchy avatar Sep 08 '15 00:09 finchy

I will take a look; if anything, the function and documentation for -k|-K need to be updated.

shirkdog avatar Sep 08 '15 19:09 shirkdog

It's -n, sorry.

finchy avatar Sep 08 '15 19:09 finchy

-n appears to process a local rules file (snort-subscriber.tar.gz). I will check with DA, but I thought he just wants to grab the local.rules file defined in his Snort instance and update sid-msg.map to reflect any 'local.rule' file changes.

shirkdog avatar Sep 08 '15 19:09 shirkdog

I think that's exactly what that function should do.

finchy avatar Sep 08 '15 19:09 finchy
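
The operation requested in this thread, as an added sketch that is not pulledpork code and not written by anyone in the thread: read the enabled rules from a local rules file and replace or add their lines in sid-msg.map, leaving every other entry alone. It assumes the classic `sid || msg || reference` map layout and one rule per line; the function names and the sample rules and map are constructed for illustration.

```python
import re

MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')

def parse_rules(text):
    """Return {sid: 'sid || msg || ref...'} for every enabled rule in text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or disabled rule
        msg = MSG_RE.search(line)
        # Blank out quoted strings so option-like text inside msg/content
        # cannot be mistaken for a real sid or reference option.
        bare = QUOTED_RE.sub('""', line)
        sid = SID_RE.search(bare)
        if not (msg and sid):
            continue  # not a complete rule; nothing to map
        refs = [r.strip() for r in REF_RE.findall(bare)]
        fields = [sid.group(1), msg.group(1)] + refs
        entries[int(sid.group(1))] = " || ".join(fields)
    return entries

def merge_map(existing_map, local_rules):
    """Replace or add local-rule entries in sid-msg.map text; keep the rest.
    Comment lines in the existing map are dropped in this sketch."""
    merged = {}
    for line in existing_map.splitlines():
        head = line.split("||", 1)[0].strip()
        if head.isdigit():
            merged[int(head)] = line.strip()
    merged.update(parse_rules(local_rules))
    return "\n".join(merged[s] for s in sorted(merged)) + "\n"

# Constructed sample input (not taken from any real ruleset).
LOCAL_RULES = r'''
alert tcp any any -> $HOME_NET 8080 (msg:"LOCAL admin panel probe"; content:"/admin"; reference:url,wiki.example.internal/ids/1000001; sid:1000001; rev:2;)
# alert icmp any any -> any any (msg:"LOCAL disabled ping"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"LOCAL long DNS query"; dsize:>512; sid:1000003; rev:1;)
'''
EXISTING_MAP = ("1000001 || LOCAL old message\n"
                "2000000 || ET example entry || url,example.com\n")
```

A stale map line for a sid that has since been deleted from the local rules file is not removed here; pruning would need to know which sid range belongs to local rules.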