Oinkcodes

What is an oinkcode?

Oinkcodes are unique keys associated to your user account. The oinkcode acts as an api key for downloading rule packages with the urls listed below.

Where can I find my oinkcode?

You can find your oinkcode in your user account settings page once you have logged in.

Download rules with your oinkcode

Subscription rules are served from this url. If your subscription is active you will receive the latest rules. If not you will receive the free rule package.

https://www.snort.org/rules/<file_name>?oinkcode=<oinkcode>
<file_name> - make sure to match the rule package with your snort version.

Example: https://www.snort.org/rules/<rulefile-name>?oinkcode=<oinkcode>

Community rules are served from this url. No oinkcode is required because these rules are free.

https://www.snort.org/rules/community
Example: https://www.snort.org/rules/community

PulledPork

PulledPork is a helper script that will automatically download the latest rules for you. PulledPork will determine your version of snort

Crontab Entry

Below is an example that will run pulled pork and download the latest ruleset at 08:50 PM. It relies on the pulledpork.conf for its settings.

 50 20 * * * pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H

These are a few Basic Usage Examples for setting up a cron tab with pulled pork.


Config entries

Put these entries in your pulled pork config so it will be able to download the appropriate rule file.

rule_url=https://www.snort.org/rules/|snortrules-snapshot.tar.gz|<oinkcode>

To get the docs if you want them, create a second rule_url entry.

 rule_url=https://www.snort.org/rules/|opensource.gz|<oinkcode>