Updating Custom Rules on Win2003 sensor ? - IDS Policy Manager v2 Usage

Forum IDS Policy Mana... IDS Policy Mana... Updating Custom Rules on Win2003 sensor ?

7/12/2007 8:24 AM

	Tzachi
1 posts

Updating Custom Rules on Win2003 sensor ?

Hi all

I have installed the snort sensor on a 2003 machine.

Of course when choosing the update method I choose file copy and gave the path to the shared directory that contained the conf file.

The conf file was successfully updated but the rules did not( I have created some test Rules ) .

I believed that the rules didn’t update because they are on a different dir on the server that is not a chilled directory to the directory that the sonrt conf is sitting I moved the rules dir into the etc dir changed the conf file but still the new rules I created with idspm didn’t updated .

Any ideas ?

Thanks

7/12/2007 1:30 PM

	Jeff Dell
233 posts
www.activeworx.com

Re: Updating Custom Rules on Win2003 sensor ?

IDS Policy Manager uploads rules based on the same directory stucture that Snort reads them. By default Snort uses a variable called RULE_PATH for the path of the Snort rules. Make sure you have this set properly for a windows host. by default this is set to "../rules". If you leave this, it will not work for Snort on Winodows. You probably need to change it to "..\rules" or "\rules" or however you have your snort rules path configured based on the default directory location for the snort.conf file.

Also, if you are using v2.1 BETA it has something called fast upload. By default it will use this and only upload rules files that have changed since the last upload. If your upload doesn't work properly and try to upload again, it might not upload all the rules again. uncheck this box in the update sensor form and try to upload again. it will now try to upload all rules files again.

Cheers,
Jeff

Page 1 of 1

Forum

IDS Policy Mana...

Updating Custom Rules on Win2003 sensor ?