Snort mailing list archives

Re: problems with PP


From: Peter Bates <peter.bates () ucl ac uk>
Date: Fri, 14 Sep 2012 14:46:16 +0100


Hello all

On 14/09/2012 14:30, Pratik Narang wrote:
> I put that sig id into my disablesid.conf, but I continue to get
> the alerts. What could be wrong here? What is the correct way of
> putting the sids: 16282, 1:16282, or 1:16282:3? I also tried
> putting the category 'VRT-p2p' in disablesid.conf, but to no avail :(

You want

1:16282

The category line *should* work though.

What do you have for

state_order

and

disablesid

in pulledpork.conf?

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT
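
The two checks the reply asks for can be scripted. This is an added example, not part of the original message and not PulledPork code: the function names are hypothetical, the files are constructed, and it assumes pulledpork.conf uses key=value lines with '#' comments and disablesid.conf holds one entry per line.

```shell
#!/bin/sh
# Added example, not PulledPork code. Assumes pulledpork.conf holds key=value
# lines with '#' comments and disablesid.conf holds one entry per line.

# Value of an active (uncommented) KEY in pulledpork.conf; empty if absent.
pp_value() {  # usage: pp_value KEY CONF
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Classify one disablesid.conf line against the gid:sid form from the reply.
classify_entry() {  # usage: classify_entry LINE
  e=$(printf '%s\n' "$1" | sed 's/#.*//' | tr -d ' \t')
  if [ -z "$e" ]; then echo skip
  elif printf '%s\n' "$e" | grep -Eq '^[0-9]+:[0-9]+$'; then echo gid:sid
  elif printf '%s\n' "$e" | grep -Eq '^[0-9]+(:[0-9]+)*$'; then echo not-gid-sid
  else echo other   # category names and anything else: not validated here
  fi
}

# Is GID:SID an active entry in the file that pulledpork.conf points at?
check_disable() {  # usage: check_disable PULLEDPORK_CONF GID:SID
  file=$(pp_value disablesid "$1")
  [ -n "$file" ] || { echo disablesid-not-set; return 0; }
  [ -r "$file" ] || { echo file-unreadable; return 0; }
  if sed 's/#.*//' "$file" | tr -d ' \t' | grep -Fxq "$2"
  then echo listed
  else echo not-listed
  fi
}

# Demo on constructed files (paths and contents are made up for illustration).
demo() {
  d=$(mktemp -d)
  printf '%s\n' '# my disables' '16282' '1:16282:3' '1:16282' 'VRT-p2p' \
    > "$d/disablesid.conf"
  printf '%s\n' "# disablesid=$d/disablesid.conf" > "$d/commented.conf"
  printf '%s\n' "disablesid=$d/disablesid.conf" \
    'state_order=disable,drop,enable' > "$d/active.conf"
  echo "commented.conf -> $(check_disable "$d/commented.conf" 1:16282)"
  echo "active.conf    -> $(check_disable "$d/active.conf" 1:16282)"
  echo "state_order    =  $(pp_value state_order "$d/active.conf")"
  while IFS= read -r l; do
    echo "$(classify_entry "$l") <- $l"
  done < "$d/disablesid.conf"
  rm -rf "$d"
}
demo
```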

