Snort mailing list archives
Re: Disabling rules without touching the originals
From: Marcus Spading <linuxnews () fragmentum net>
Date: Thu, 3 Jan 2002 07:55:24 +0100
* Andreas Östling <andreaso () it su se> [020103 07:36]:
Is commenting out a rule or changing the vars in a rule so it doesnt match anymore really the only way to archive this? How do you guys update and organize your rulesets then?I don't know if its going to help you, but I wrote a little script (http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest rules and disable the unwanted ones (by #commenting in the actual rules files). You could always give it a try if you want.
Thanks. I will have at look at it. Maybe it does what I want, but commenting out rules I do not want isn't the way I wanted to go. -- BNCU Marcus _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Andreas Östling (Jan 02)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Brian (Jan 03)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 03)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Andreas Östling (Jan 02)