Snort mailing list archives
oinkmaster.conf enterred disablesid - get enbalbed
From: Snortty <cwcwcwg () yahoo com>
Date: Tue, 16 Dec 2003 12:50:05 -0800 (PST)
Hi, All; I tried to diable some rules by put # in frot of the rule (here is in the icmp.rule file), and enter it in the oinkmaster.conf at the bottom of the file as: disablesid 485 Then, I just run it simply: oinkmaster-0.8# oinkmaster.pl -o /snort/snort-2.0.1/rules/ to see if the change in rule.icmp will be overwritten. It got overwritten after I run it, and output shows: [+++] Enabled rules: [+++] -> Enabled in icmp.rules (1): alert icmp any any -> any any (msg:"ICMP Destination Unreachable (Communication Administratively Prohibited)"; itype: 3; icode: 13; sid:485; classtype:misc-activity; rev:2;) This is the rule I put # in front of alert, and in the oinkmaster.conf with SID number, now it's enabled after I run oinkmaster.pl. Did I miss anything, anyone please? Thanks a LOT! SW. __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Some odd traffic. Matt Linton (Dec 12)
- Re: Some odd traffic. twig les (Dec 12)
- Upgrading Snortalog.pl v1.9 to v2.0.0??? Snortty (Dec 16)
- Re: Upgrading Snortalog.pl v1.9 to v2.0.0??? jérémy chartier (Dec 16)
- oinkmaster.conf enterred disablesid - get enbalbed Snortty (Dec 16)
- Re: oinkmaster.conf enterred disablesid - get enbalbed Andreas Östling (Dec 16)
- Upgrading Snortalog.pl v1.9 to v2.0.0??? Snortty (Dec 16)
- Re: Some odd traffic. twig les (Dec 12)