Re: Disabling rules without touching the originals

[Brian <bmc () snort org>]

According to Marcus Spading:
> * Andreas Östling <andreaso () it su se> [020103 07:36]:
> > > Is commenting out a rule or changing the vars in a rule so it doesnt match
> > > anymore really the only way to archive this? How do you guys update and
> > > organize your rulesets then?
> > I don't know if its going to help you, but I wrote a little script
> > (http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest
> > rules and disable the unwanted ones (by #commenting in the actual rules
> > files). You could always give it a try if you want.
>
> Thanks. I will have at look at it. Maybe it does what I want, but
> commenting out rules I do not want isn't the way I wanted to go. 

Why?  If you want to disable the signature, then commenting it out
will speed up snort and it will make sure that other signatures that
come after the signature you disable will still fire.

-- 
Yeah, well, uh, just keep your Power Gloves off her, pal, huh?


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users