Snort mailing list archives
Re: Disabling Snort signatures with Oinkmster
From: John Gay <john.gay () sourcefire com>
Date: Wed, 29 Dec 2010 12:30:30 -0500
On Wed, Dec 29, 2010 at 12:16 PM, J. L. Cabral <jelocabral () gmail com> wrote:
Dear, I have Snort 2.9 running with some signatures disabled from the rules I download via Oinkmaster. The problem is that every time Oinkmaster download new rules, the signatures I've disables with "#" become enable again. How can I do to tell Oinkmaster not to disable some signatures I choose ??? Thanks a lot, JeLo ------------------------------------------------------------------------------
Identify the sid of the rules that need to be deactivated and list them in the oinkmaster.conf like the following example. disablesid SID1, SID2, SID3, ... Also you may want to upgrade to PulledPork. It is the new standard for rule updating! John
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 29)
- Re: Disabling Snort signatures with Oinkmster John Gay (Dec 29)
- Re: Disabling Snort signatures with Oinkmster Weir, Jason (Dec 29)
- Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)
- Re: Disabling Snort signatures with Oinkmster waldo kitty (Dec 30)
- Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)