Snort mailing list archives
Re: Disabling rules without touching the originals
From: Andreas Östling <andreaso () it su se>
Date: Wed, 2 Jan 2002 11:31:15 +0100 (CET)
On Wed, 2 Jan 2002, Marcus Spading wrote:
Is commenting out a rule or changing the vars in a rule so it doesnt match anymore really the only way to archive this? How do you guys update and organize your rulesets then?
Hello, I don't know if its going to help you, but I wrote a little script (http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest rules and disable the unwanted ones (by #commenting in the actual rules files). You could always give it a try if you want. (It's getting kind of old now though, and I'm currently modifying it to also update the SID map etc...) /Andreas _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Andreas Östling (Jan 02)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Brian (Jan 03)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 03)
- Re: Disabling rules without touching the originals Marcus Spading (Jan 02)
- Re: Disabling rules without touching the originals Andreas Östling (Jan 02)