Snort mailing list archives

RE: select rules


From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Thu, 13 Jun 2002 13:45:16 -0400

Rules can be called from an include, which tells Snort to follow the path to the rules file specified, and load it at initialization.  Rules can also be included in snort.conf directly.
 
If you want to deactivate a single rule within any list of rules, you can:
 
1) delete the rule and re-initialize Snort,
 
2) place a # in front of the rule, commenting it out, and re-initialize Snort, or
 
3) write a pass rule with the same properties in local.rules (or wherever you prefer), and re-initialize Snort with the -o option.
 
Cheers
 
Keith
 

-----Original Message-----
From: DoL [mailto:dwylau () netvigator com]
Sent: Thursday, June 13, 2002 1:30 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] select rules


Hi ALL
 
My understanding on rules is that "they are included in *.rules files".  But is there any way to deactivate / activate a particular rule instead of the whole .rules file?  Do I need to restart snort to make it effective?
 
Thanks
/dl
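
Options 2 and 3 from the reply above, as an added shell example that is not part of the original thread: one function comments out a single rule selected by its sid, the other prints a pass rule with the same properties for local.rules. The function names, the sample rules and the SID values are constructed for illustration, and giving the pass rule its own SID is an assumption.

```shell
#!/bin/sh
# Added example. The rules below are constructed samples, not real signatures.
sample_rules() {
cat <<'EOF'
alert tcp any any -> any 80 (msg:"constructed web rule"; content:"/test.cgi"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"constructed ping rule"; itype:8; sid:1000002; rev:1;)
# alert tcp any any -> any 21 (msg:"already disabled"; sid:1000003; rev:1;)
EOF
}

is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Option 2: comment out the active rule carrying SID; other lines stay as they are.
disable_sid() {  # usage: disable_sid RULES_FILE SID
    is_number "$2" || return 2
    sid=$2
    tmp=$(mktemp) || return 1
    # Lines that are already comments are skipped, so no rule is commented twice.
    sed -E "/^[[:space:]]*#/!s/^(.*[[:space:];(]sid:[[:space:]]*${sid}[[:space:]]*;.*)\$/# \\1/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    status=$?
    rm -f "$tmp"
    return $status
}

# Option 3: print a pass rule with the same properties, under a new SID (assumption).
make_pass_rule() {  # usage: make_pass_rule RULES_FILE SID NEW_SID
    is_number "$2" && is_number "$3" || return 2
    sid=$2 new_sid=$3
    pat="([[:space:];(])sid:[[:space:]]*${sid}[[:space:]]*;"
    # Only active alert/log rules are considered; the action word becomes "pass".
    grep -E "^[[:space:]]*(alert|log)[[:space:]].*${pat}" "$1" |
        sed -E -e 's/^[[:space:]]*(alert|log)[[:space:]]+/pass /' \
               -e "s/${pat}/\\1sid:${new_sid};/"
}

# Demo on a scratch copy of the constructed rules.
rules=$(mktemp) && sample_rules > "$rules"
disable_sid "$rules" 1000002
make_pass_rule "$rules" 1000001 9000001
cat "$rules"; rm -f "$rules"
```

Either change takes effect only after Snort is re-initialized, with the -o option in the pass-rule case.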

