Re: Disabling Snort signatures with Oinkmster

[John Gay <john.gay () sourcefire com>]

On Wed, Dec 29, 2010 at 12:16 PM, J. L. Cabral <jelocabral () gmail com> wrote:

> Dear, I have Snort 2.9 running with some signatures disabled from the
> rules I download via Oinkmaster.
>
> The problem is that every time Oinkmaster download new rules, the
> signatures I've disables with "#" become enable again.
>
> How can I do to tell Oinkmaster not to disable some signatures I choose ???
>
> Thanks a lot,
>
> JeLo
>
>
> ------------------------------------------------------------------------------

Identify the sid of the rules that need to be deactivated and list them in
the oinkmaster.conf like the following example.

disablesid SID1, SID2, SID3, ...

Also you may want to upgrade to PulledPork. It is the new standard for rule
updating!

John

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users