Snort mailing list archives
Re: [Emerging-Sigs] (no subject)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 30 Nov 2010 19:22:09 -0500
On 11/30/2010 18:12, Jun Wan wrote:
> Hi Waldo, I use "skipfile emerging.conf" instead as I can't find the "ignore
> this file" section in oinkmaster.

that's it! i was coming off of a 12 hour shift when i wrote that... there's several of those entries pretty close together and that was what i was referencing... i'm glad you found it ;)

> I checked emerging.conf this morning, all the modified/enabled rules seem to be
> retained, that's good.

YAY!

> Many thanks

you are welcome ;)

> Regards John
>
> > Date: Mon, 29 Nov 2010 20:29:39 -0500
> > From: wkitty42 () windstream net
> > To: junwei_wan () hotmail com
> > CC: snort-users () lists sourceforge net; emerging-sigs () emergingthreats net
> > Subject: Re: [Emerging-Sigs] (no subject)
> >
> > On 11/29/2010 05:36, Jun Wan wrote:
> > > I think this may be because Oinkmaster downloads emerging.conf at 2:00 am every
> > > morning, so it overwrites the one I configured before, my questions would be:
> > >
> > > 1.) Is this the right way for Snort to use ET rules by modifying the
> > > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
> > >
> > > 2.) How can I keep the modified emerging.conf from being overwritten to a new
> > > downloaded one from ET?
> > >
> > > Any information and help would be much appreciated.
> >
> > just add emerging.conf to the oinkmaster "ignore this file" section and it won't
> > be overwritten... there are several that oinkmaster is told to ignore...
> > local.rules is one example ;)
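Added example, not part of the original thread and not Oinkmaster's own code: a post-update check for the problem discussed above, confirming that the uncommented include lines in emerging.conf survived the cron run and that an active skipfile directive protects the file. The function names and sample files are constructed, and the script assumes a skipfile directive may list several comma-separated names.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# skipfile_covers CONF NAME: succeed if an active (uncommented) "skipfile"
# directive in the Oinkmaster config lists NAME. One directive may name
# several files separated by commas (assumption stated in the lead-in).
skipfile_covers() {
    sed -n -e 's/#.*//' -e 's/^[[:space:]]*skipfile[[:space:]]\{1,\}//p' "$1" |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -Fxq -- "$2"
}

# enabled_includes FILE: print the targets of include lines that are active
# (no leading '#'), sorted.
enabled_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*/\1/p' "$1" | sort
}

# check_update CONF BEFORE AFTER: BEFORE is a copy saved ahead of the update
# run, AFTER is the live file. Prints ok, unprotected or overwritten.
check_update() {
    before=$(enabled_includes "$2")
    after=$(enabled_includes "$3")
    if [ "$before" != "$after" ]; then
        echo overwritten      # enabled categories changed during the update
    elif skipfile_covers "$1" "$(basename "$3")"; then
        echo ok
    else
        echo unprotected      # intact for now, but the next run may replace it
    fi
}

# Constructed sample files so the script runs offline.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
printf '%s\n' 'skipfile local.rules, deleted.rules' '# skipfile emerging.conf' \
    > "$work/oinkmaster.conf"
printf '%s\n' 'include $RULE_PATH/emerging-virus.rules' \
    '#include $RULE_PATH/emerging-p2p.rules' > "$work/emerging.conf.bak"
# Simulated fresh download: the enabled category is commented out again.
printf '%s\n' '#include $RULE_PATH/emerging-virus.rules' \
    '#include $RULE_PATH/emerging-p2p.rules' > "$work/emerging.conf"
check_update "$work/oinkmaster.conf" "$work/emerging.conf.bak" "$work/emerging.conf"

# Apply the fix from the thread and restore the edited file.
echo 'skipfile emerging.conf' >> "$work/oinkmaster.conf"
cp "$work/emerging.conf.bak" "$work/emerging.conf"
check_update "$work/oinkmaster.conf" "$work/emerging.conf.bak" "$work/emerging.conf"
```

In a cron job the copy to emerging.conf.bak would be taken just before the Oinkmaster run, and any status other than ok would be mailed to the sensor's administrator.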