Snort mailing list archives
How to activate all rules using PulledPork?
From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 20 Feb 2014 14:14:30 -0500
I've been trying to get PulledPork to enable all rules, and so far all help has stalled in the PulledPork Google Groups. I'm told by JJ that it is possible, and he has instructed me to add <PCRE wildcard "."> (everything between the <>) to the enablesid.conf, and all the alerts would be activated.

I'm having no problems processing rules with any one of the three IP_Policy settings.

Hopefully someone has a solution to this?

Here is my pulledpork.conf:

# Config file for pulledpork
rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<REDACTED>
rule_url=https://s3.amazonaws.com/snort-org/www/rules/community/|community-rules.tar.gz|Community
rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
rule_url=https://www.snort.org/reg-rules/|opensource.gz|<REDACTED>
temp_path=d:\winids\pulledpork\temp
rule_path=d:\winids\snort\rules\winids.rules
local_rules=d:\winids\snort\rules\local.rules
sid_msg=d:\winids\snort\etc\sid-msg.map
sid_msg_version=1
sid_changelog=d:\winids\snort\log\sid_changes.log
sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/local/bin/snort
config_path=/usr/local/etc/snort/snort.conf
distro=FreeBSD-8.1
docs=d:\winids\Apache24\htdocs\base\signatures\
snort_version=2.9.5.6
enablesid=d:\winids\pulledpork\etc\enablesid.conf
dropsid=d:\winids\pulledpork\etc\dropsid.conf
disablesid=d:\winids\pulledpork\etc\disablesid.conf
modifysid=d:\winids\pulledpork\etc\modifysid.conf
ips_policy=security
version=0.7.0

Here is my enablesid.conf:

# example enablesid.conf v3.1
PCRE wildcard "."

Here is my run line:

pulledpork.pl -c d:\winids\pulledpork\etc\pulledpork.conf -vT

TIA...
Michael...
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!