Snort mailing list archives
Re: Oinkmaster not seeing large SID file rules
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 18 Jun 2008 16:35:15 -0600
On 6/18/08 4:00 PM, "CunningPike" <cunningpike () gmail com> wrote:
How certain are you that the rulesets you are updating with Oinkmaster contain a rule with sid:100000137?
CP
Yep: community-sid-msg.map:100000137 || COMMUNITY MISC BAD-SSL tcp detect
James Lay wrote:
Hello! Oinkmaster doesn't seem to see large SID rules. Below is my disablesid line:

disablesid 12488,100000137

And here's what I get from the oinkmaster report:

Processing downloaded rules... disabled 1, enabled 0, modified 0, total=19680

Any way I can get it to see that second rule? Thanks.
James