I've been working on getting my snort machine up and running, and working through Snort IDS and IPS Toolkit.
The authors suggest using Oinkmaster, but on that website, the last update was February of 2008. That seems sort of...odd. Maybe there haven't been any issues with oinkmaster in the past year and a half, but it made me wonder if there was another solution that I don't know about.
If you use snort, do you automatically update your rules, and if so, how?
Oinkmaster is the recommended and best way to keep your rules updated. It is a simple script that's why it hasn't been updated in a while.
This is a good howto: http://taosecurity.blogspot.com/2004/07/using-oinkmaster-to-update-snort-rules.html
Pulled Pork is now considered the recommended rule updating system for Snort. While it is not an official Sourcefire product, it is developed by a Sourcefire employee.
The syntax is slightly more complicated than oinkmaster, however a contributed script, oink-conv.pl, will read in your oinkmaster config and convert it to pulledpork syntax making system conversions much easier.
In addition to update standard rules, it is also capable of managing the so_rules that were previously a manual process.