Security Basics mailing list archives

Re: snort updates and changes to snort.conf


From: Joe Beasley <securityadmin () joebeasley org>
Date: Tue, 01 Jul 2008 19:21:18 -0500

You don't have to put your snort.conf file in the same directory your
*.rules files are in. I keep my snort.conf in
/usr/local/snort-version/etc, and keep all the rules in
/usr/local/snort-version/rules.

All rule updates will have a new snort.conf (which is overwritten each
time) in the rules directory, but I start snort with the conf file in
the etc directory.  

On Sun, 2008-06-29 at 18:07 -0700, newsecurityguy wrote:
> I know this is not really the place for this question but I have had no luck
> elsewhere. Currently, snort is set to update to the newest rule set on a
> daily basis, which is what I want. However, I also need to suppress some
> SIDs, which I have always done by editing the snort.conf file. When the
> updates occur, it appears as if snort.conf is overwritten with a new
> version, as the changes I make to the file do not last more than 24 hours
> before disappearing out of the snort.conf. Am I correct in assuming this is
> what is occurring? Is there any other way to easily suppress events without
> having to edit the file after each update?
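
With the layout described in the reply, a conf kept outside the rules directory keeps its suppress lines but only loads the rule files it already includes. The script below is an added example, not part of the thread or of Snort: it counts the suppress lines still present in the maintained conf and lists include lines that appear only in the conf delivered by the update. The sample file contents, SIDs and the rule file name new-category.rules are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments: maintained conf, shipped conf.

# Active (uncommented) include targets of a snort.conf, sorted and unique.
active_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*$/\1/p' "$1" | sort -u
}

# Include targets the shipped conf loads that the maintained conf does not.
missing_includes() {
    a=$(mktemp) && b=$(mktemp) || return 2
    active_includes "$1" > "$a"
    active_includes "$2" > "$b"
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Number of active suppress lines in a conf (0 is a valid answer).
count_suppressions() {
    grep -c '^[[:space:]]*suppress[[:space:]]' "$1" || true
}

# Constructed sample files for trying the functions offline.
write_sample() {
    mkdir -p "$1/etc" "$1/rules"
    cat > "$1/etc/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
suppress gen_id 1, sig_id 1000001
suppress gen_id 1, sig_id 1000002
EOF
    cat > "$1/rules/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/new-category.rules
# include $RULE_PATH/disabled-category.rules
EOF
}

if [ "$#" -eq 2 ]; then
    echo "suppress lines kept in $1: $(count_suppressions "$1")"
    echo "includes present only in $2:"
    missing_includes "$1" "$2"
fi
```

Run it after each rule update with the etc conf as the first argument and the rules-directory conf as the second.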

