Security Basics mailing list archives
Re: snort updates and changes to snort.conf
From: infolookup () gmail com
Date: Wed, 2 Jul 2008 21:19:27 +0000
------Original Message------
From: Joe Beasley
Sender: listbounce () securityfocus com
To: newsecurityguy
Cc: security-basics () securityfocus com
Sent: Jul 1, 2008 8:21 PM
Subject: Re: snort updates and changes to snort.conf

You don't have to put your snort.conf file in the same directory your *.rules files are in. I keep my snort.conf in /usr/local/snort-version/etc, and keep all the rules in /usr/local/snort-version/rules. All rule updates will have a new snort.conf (which is overwritten each time) in the rules directory, but I start snort with the conf file in the etc directory.

On Sun, 2008-06-29 at 18:07 -0700, newsecurityguy wrote:
I know this is not really the place for this question but I have had no luck elsewhere. Currently, snort is set to update to the newest rule set on a daily basis, which is what I want. However, I also need to suppress some SIDS, which I have always done by editing the snort.conf file. When the updates occur, it appears as if snort.conf is overwritten with a new version, as the changes I make to the file do not last more than 24 hours before disappearing out of the snort.conf. Am I correct in assuming this is what is occurring? Is there any other way to easily suppress events without having to edit the file after each update?
Sent from my Verizon Wireless BlackBerry
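
The layout described in the reply above (an edited snort.conf in etc/, updates overwriting only the copy in rules/), exercised in a throwaway directory as an added example that is not part of the original thread. The paths, SIDs and file contents are constructed, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: all paths, SIDs and file contents are constructed for illustration.

# List the "gen_id:sig_id" pairs suppressed in the snort.conf given as $1.
suppressed_sids() {
    sed -n 's/^[[:space:]]*suppress[[:space:]]*gen_id[[:space:]]*\([0-9][0-9]*\),[[:space:]]*sig_id[[:space:]]*\([0-9][0-9]*\).*/\1:\2/p' "$1" | sort -u
}

# Print every wanted pair ($2 onward) that is NOT suppressed in conf $1.
missing_suppressions() {
    conf=$1; shift
    have=$(suppressed_sids "$conf")
    for want in "$@"; do
        echo "$have" | grep -qx "$want" || echo "$want"
    done
}

# Simulate a rule update: the package drops a stock snort.conf into rules/.
simulate_update() {
    printf 'var RULE_PATH %s/rules\ninclude $RULE_PATH/local.rules\n' "$1" > "$1/rules/snort.conf"
}

# Build the etc/ + rules/ layout, apply one update, print the base directory.
build_demo() {
    base=$(mktemp -d)
    mkdir -p "$base/etc" "$base/rules"
    : > "$base/rules/local.rules"
    # Locally edited conf kept in etc/, with two constructed suppressions.
    cat > "$base/etc/snort.conf" <<EOF
var RULE_PATH $base/rules
include \$RULE_PATH/local.rules
suppress gen_id 1, sig_id 1852
suppress gen_id 1, sig_id 2000001, track by_src, ip 192.0.2.10
EOF
    cp "$base/etc/snort.conf" "$base/rules/snort.conf"   # edits made in rules/ too
    simulate_update "$base"                              # ...are lost on update
    echo "$base"
}

DEMO=$(build_demo)
echo "etc/ copy missing:   $(missing_suppressions "$DEMO/etc/snort.conf" 1:1852 1:2000001 | tr '\n' ' ')"
echo "rules/ copy missing: $(missing_suppressions "$DEMO/rules/snort.conf" 1:1852 1:2000001 | tr '\n' ' ')"
# Snort is then started against the copy the updater never touches:
#   snort -c "$DEMO/etc/snort.conf"
```

Run after each scheduled update, a check like missing_suppressions against the conf file snort is actually started with shows whether the expected suppressions are still in effect.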