Snort mailing list archives
Re: More problems with pulledpork 0.6.0
From: carlopmart <carlopmart () gmail com>
Date: Fri, 01 Apr 2011 16:45:36 +0200
On 04/01/2011 04:39 PM, JJC wrote:
Using your exact settings (for disablesid and dropsid) I am not able to reproduce the issue. Rule Stats.... New:-------0 Deleted:---0 Enabled Rules:----3509 Dropped Rules:----1799 Disabled Rules:---10211 Total Rules:------15519 Done Do you have an ips_policy value specified in your pulledpork.conf file? Can you provide to me your pulledpork.conf file and the runtime options that you are using? JJC
I didn't have specified an ips policy. My pulledpork.conf: # My custom downloaded rules rule_url=http://mymirror.local.net/suricatasigs/|et.tar.gz|open # Paths defined temp_path=/tmp rule_path=/data/config/etc/suricata-inet/rules/all.rules local_rules=/data/config/etc/snort-common/rules/local.rules sid_msg=/data/config/etc/suricata-inet/sid-msg.map sid_changelog=/tmp/sid_changes_inet.log # Params for so_rules config_path=/data/config/etc/suricata-inet/suricata.yaml # Backup options backup=/data/config/etc/suricata-inet/rules/all.rules backup_file=/data/config/etc/ids-common/backup_rules/pp_ips-inet # Miscellaneous options enablesid=/data/config/etc/suricata-inet/pulledpork/enablesid.conf dropsid=/data/config/etc/suricata-inet/pulledpork/dropsid.conf disablesid=/data/config/etc/suricata-inet/pulledpork/disablesid.conf modifysid=/data/config/etc/suricata-inet/pulledpork/modifysid.conf version=0.6.0 And my command line: "pulledpork.pl -c /data/config/etc/suricata-inet/pulledpork/pulledpork.conf -d l" -- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)