Snort mailing list archives

Re: Snort / Pulled Pork Confusion


From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 3 Oct 2012 15:11:04 -0600

 

 

From: Turnbough, Bradley E. [mailto:bturnbough () belcan com] 
Sent: Wednesday, October 03, 2012 2:59 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort / Pulled Pork Confusion

 

Guys,

 

I'm having a little trouble wrapping my head around the snort and pulled
pork interaction.  In the snort.conf file, the following rules are
defined (by default):

 

 

 

Brad,

 

You have to run it with:

 

   -k Keep the rules in separate files (using same file names as found when reading)

 

Caveat is that it will rename the files...VRT-*.rules for official Snort
rules, and ET-.*.rules for ET rules.  If you're only running one
instance I would recommend just going with the snort.rules file, and
then adding any rulesets you don't want to use in the ignore= option in
your pulledpork.conf.  Hope that helps.

 

James
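
An added example, not part of the original message and not PulledPork's or Snort's own code: when PulledPork writes one combined snort.rules file, as recommended above, the per-category include lines in snort.conf have to give way to a single include. The function name, the sample configuration and the choice to keep local.rules are assumptions made for this sketch.

```python
import re

# Active (uncommented) rule includes, e.g.: include $RULE_PATH/dns.rules
INCLUDE_RE = re.compile(r'^\s*include\s+\$RULE_PATH/(\S+\.rules)\s*$')

# Constructed sample snort.conf fragment, not taken from the thread.
SAMPLE_CONF = """\
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
include $RULE_PATH/attack-responses.rules
# include $RULE_PATH/backdoor.rules
include $RULE_PATH/dns.rules
output unified2: filename snort.log, limit 128
"""

def consolidate_includes(conf_text, combined="snort.rules", keep=("local.rules",)):
    """Comment out per-category rule includes and make sure the combined
    file is included exactly once. Returns (new_text, disabled_names)."""
    out, disabled = [], []
    have_combined = False
    insert_at = None              # position just after the last rule include
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            out.append(line)      # non-include lines pass through untouched
            continue
        name = m.group(1)
        if name == combined:
            have_combined = True
            out.append(line)
        elif name in keep:
            out.append(line)      # hand-maintained files stay active
        else:
            disabled.append(name)
            out.append("# " + line.strip())
        insert_at = len(out)
    if not have_combined:
        pos = insert_at if insert_at is not None else len(out)
        out.insert(pos, "include $RULE_PATH/" + combined)
    return "\n".join(out) + "\n", disabled

if __name__ == "__main__":
    new_conf, disabled = consolidate_includes(SAMPLE_CONF)
    print(new_conf)
    print("disabled:", ", ".join(disabled))
```

Running the function a second time on its own output changes nothing, so it is safe to apply after every rule update.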
