Re: Help with determining if IPS is updating
Posted by Roadrunnere42 on May 27, 2016; 3:42pm
URL: https://itus.accessinnov.com/Re-Help-with-determining-if-IPS-is-updateing-tp981p984.html
breda
When the fw_upgrade script is run, which is set to nightly by default, the snort rules are updated from web sites automatically. If you want to check, look at the dates of the files in /etc/snort/rules.
snort.rules is where the rules live, and when new ones get released fw_upgrade will either add only the new rules to this file or, if it's been more than 14 days since the last complete download, will download a completely new file; this is to make sure that any deleted rules are removed from the file.
This method helps to prevent wear to the memory on the Shield and is why I started to modify the script in the first place, and it has just continued to evolve.
roadrunnere42
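
The date check suggested in the post above can be scripted. This is an added example, not part of the original post or of the fw_upgrade script: the function names and the 15-day threshold (the 14-day full download plus one day of slack) are assumptions, and it relies on a `stat` that supports `-c %Y` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: report how old each file in the Snort rules directory is and
# flag any that are older than the full-download interval described in the post.
RULES_DIR="${RULES_DIR:-/etc/snort/rules}"   # path taken from the post
MAX_AGE_DAYS="${MAX_AGE_DAYS:-15}"           # assumption: 14 days + 1 day slack

# age_days FILE [NOW_EPOCH] -> whole days since FILE was last modified
age_days() {
    mtime=$(stat -c %Y "$1") || return 2
    now=${2:-$(date +%s)}
    echo $(( (now - mtime) / 86400 ))
}

# check_rules DIR MAX_DAYS [NOW_EPOCH]
# Prints one line per file. Returns 0 if every file is fresh,
# 1 if at least one is stale, 2 if the directory holds no files.
check_rules() {
    dir=$1; max=$2; now=${3:-$(date +%s)}
    status=2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "$status" -eq 2 ] && status=0
        days=$(age_days "$f" "$now") || continue
        if [ "$days" -gt "$max" ]; then
            echo "STALE  ${days}d  $f"
            status=1
        else
            echo "ok     ${days}d  $f"
        fi
    done
    [ "$status" -eq 2 ] && echo "no rule files found in $dir"
    return "$status"
}

# Usage on the device:
#   check_rules "$RULES_DIR" "$MAX_AGE_DAYS"
```

A non-zero return from `check_rules` can be used in a cron job to raise an alert when the rules have stopped refreshing.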