Security Basics mailing list archives
Re: snort updates and changes to snort.conf
From: "David J. Bianco" <david () vorant com>
Date: Tue, 01 Jul 2008 08:30:05 -0400
You need to check out Oinkmaster (oinkmaster.sourceforge.net). It's a Perl script to automate the process of downloading new rule updates, making all your local changes (turning off or modifying rules) and merging them in with what you already have. I think this will solve your problem nicely.

David

newsecurityguy wrote:
> I know this is not really the place for this question but I have had no luck elsewhere. Currently, snort is set to update to the newest rule set on a daily basis, which is what I want. However, I also need to suppress some SIDS, which I have always done by editing the snort.conf file. When the updates occur, it appears as if snort.conf is overwritten with a new version, as the changes I make to the file do not last more than 24 hours before disappearing out of the snort.conf. Am I correct in assuming this is what is occurring? Is there any other way to easily suppress events without having to edit the file after each update?
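The merge step described in the reply above, as an added example that is not part of the original thread and is not Oinkmaster's own code: local suppressions live in a separate file, written here as `disablesid` lines in the style of oinkmaster.conf, and are re-applied to every freshly downloaded rule set by commenting out the matching rules. The rules, SIDs and function names are constructed for illustration.

```python
import re

# Constructed sample: local policy kept outside the downloaded rule files,
# in the style of oinkmaster.conf "disablesid" lines.
LOCAL_CONF = """\
# local suppressions, survive every update
disablesid 1000001, 1000003
disablesid 1000004   # noisy on our network
"""

# Constructed sample of a freshly downloaded rules file (SIDs are made up).
NEW_RULES = """\
alert tcp any any -> any 80 (msg:"EXAMPLE one"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE three"; sid: 1000003; rev:5;)
# alert tcp any any -> any 25 (msg:"EXAMPLE four"; sid:1000004; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse_disabled_sids(conf_text):
    """Collect SIDs from 'disablesid a, b, c' lines, ignoring comments."""
    sids = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("disablesid"):
            for tok in line[len("disablesid"):].split(","):
                if tok.strip().isdigit():
                    sids.add(int(tok.strip()))
    return sids

def apply_disabled(rules_text, disabled):
    """Comment out active rules whose SID is disabled; return (text, changed SIDs)."""
    out, changed = [], []
    for line in rules_text.splitlines():
        m = SID_RE.search(line)
        active = not line.lstrip().startswith("#")
        if m and active and int(m.group(1)) in disabled:
            out.append("#" + line)
            changed.append(int(m.group(1)))
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    merged, changed = apply_disabled(NEW_RULES, parse_disabled_sids(LOCAL_CONF))
    print(merged, "disabled after update:", changed)
```

Because the suppression list is never part of the downloaded files, an update cannot overwrite it; the returned list of changed SIDs can be logged after each run to confirm the local policy was re-applied.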