Snort mailing list archives
Re: oinkmaster.conf enterred disablesid - get enbalbed
From: Andreas Östling <andreaso () it su se>
Date: Tue, 16 Dec 2003 22:42:15 +0100 (CET)
On Tue, 16 Dec 2003, Snortty wrote:
I tried to diable some rules by put # in frot of the rule (here is in the icmp.rule file), and enter it in the oinkmaster.conf at the bottom of the file as: disablesid 485 Then, I just run it simply: oinkmaster-0.8# oinkmaster.pl -o /snort/snort-2.0.1/rules/ to see if the change in rule.icmp will be overwritten. It got overwritten after I run it, and output shows:
... It sounds like you're doing it right, so the only theory I can come up with right now is that you're editing a different oinkmaster.conf than the one Oinkmaster is using (/usr/local/etc/oinkmaster.conf by default in 0.8, which you can override with -C <file>). Maybe you edited the one in the current directory instead? If this isn't it, I'd suggest that you run in verbose mode (-v) to have Oinkmaster tell you which rules it modifies and see if it mentions SID 485. Maybe you could also upgrade to Oinkmaster 0.9 which is even more noisy/helpful in verbose mode. /Andreas ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Some odd traffic. Matt Linton (Dec 12)
- Re: Some odd traffic. twig les (Dec 12)
- Upgrading Snortalog.pl v1.9 to v2.0.0??? Snortty (Dec 16)
- Re: Upgrading Snortalog.pl v1.9 to v2.0.0??? jérémy chartier (Dec 16)
- oinkmaster.conf enterred disablesid - get enbalbed Snortty (Dec 16)
- Re: oinkmaster.conf enterred disablesid - get enbalbed Andreas Östling (Dec 16)
- Upgrading Snortalog.pl v1.9 to v2.0.0??? Snortty (Dec 16)
- Re: Some odd traffic. twig les (Dec 12)