Snort mailing list archives
Re: Fine tuning Snort
From: James Lay <jlay () slave-tothe-box net>
Date: Sat, 09 Oct 2010 08:19:40 -0600
Thanks Shawn....I suspect I will have to go to Pulled Pork at some time...I hope it's not too much of a hassle ;)

James

On 10/8/10 10:02 AM, "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:

PulledPork has this functionality built in.. you can disable rules based on a PCRE. I don't run McAfee VirusScan for instance, so I can disable all current and all future rules for it. Also, it's currently being developed, unlike Oinkmaster.

-----Original Message-----
From: Josh Little [mailto:josh () zombietango com]
Sent: Friday, October 08, 2010 6:09 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Fine tuning Snort

I have a small tool written in Perl called Pigsty that will automate finding any sigs in your enabled ruleset that match a pattern. The tool will output a list of disablesid lines that you can then drop into your oinkmaster.conf file or have the tool directly append the file. This makes cleaning up your current rules much easier.

You could probably modify the oinkmaster Perl script to run Pigsty just after the latest sigs are downloaded and before the routine for commenting out disabled sids completes.

Find it at http://zombietango.com/blog/tools/

ZT

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
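The pattern-based tuning discussed in this thread, as an added example that is not part of the original messages and is not Pigsty's or PulledPork's code: a Python script that finds enabled rules whose msg matches a pattern and emits disablesid lines for oinkmaster.conf. The sample rules, SIDs and function names are constructed for illustration, and it assumes one rule per line (no backslash continuations).

```python
import re

# Constructed sample ruleset (not real Snort rules); the last rule is already disabled.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 8081 (msg:"EXAMPLE McAfee VirusScan agent overflow attempt"; content:"|41 41|"; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web request, body mentions sid:99"; content:"sid:99"; sid:1000002; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 8082 (msg:"EXAMPLE mcafee ePolicy probe"; sid:1000003; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 8081 (msg:"EXAMPLE McAfee disabled rule"; sid:1000004; rev:1;)
'''

# An enabled rule starts with a rule action; commented-out rules start with '#'.
RULE_RE = re.compile(r'^\s*(alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def matching_sids(rules_text, pattern):
    """Return [(sid, msg)] for enabled rules whose msg matches the pattern."""
    wanted = re.compile(pattern, re.IGNORECASE)
    found, seen = [], set()
    for line in rules_text.splitlines():
        if not RULE_RE.match(line):
            continue  # blank line, comment, or rule that is already disabled
        msg = MSG_RE.search(line)
        # Blank out quoted strings first so "sid:" inside content/msg is ignored.
        sid = SID_RE.search(QUOTED_RE.sub('""', line))
        if not msg or not sid or sid.group(1) in seen:
            continue
        if wanted.search(msg.group(1)):
            seen.add(sid.group(1))
            found.append((sid.group(1), msg.group(1)))
    return found


def to_oinkmaster(matches):
    """Format matches as oinkmaster.conf lines, one comment line per rule."""
    lines = []
    for sid, msg in matches:
        lines.append(f"# {msg}")
        lines.append(f"disablesid {sid}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_oinkmaster(matching_sids(SAMPLE_RULES, r"mcafee")))
```

Review the generated list before appending it to oinkmaster.conf, since a broad pattern can silently disable rules that cover software you do run.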
Current thread:
- Re: Fine tuning Snort, (continued)
- Re: Fine tuning Snort waldo kitty (Oct 07)
- Re: Fine tuning Snort James Lay (Oct 08)
- Re: Fine tuning Snort ScottO (Oct 08)
- Re: Fine tuning Snort James Lay (Oct 08)
- Re: Fine tuning Snort Joel Esler (Oct 08)
- Re: Fine tuning Snort James Lay (Oct 08)
- Re: Fine tuning Snort waldo kitty (Oct 07)
- Re: Fine tuning Snort waldo kitty (Oct 08)
- Re: Fine tuning Snort James Lay (Oct 08)
- Re: Fine tuning Snort Jefferson, Shawn (Oct 08)
- Re: Fine tuning Snort James Lay (Oct 09)
- Re: Fine tuning Snort Joel Esler (Oct 09)