Snort mailing list archives
Re: [Emerging-Sigs] (no subject)
From: Jun Wan <junwei_wan () hotmail com>
Date: Tue, 30 Nov 2010 23:12:32 +0000
Hi Waldo, I use "skipfile emerging.conf" instead as I can't find the "ignore this file" section in oinkmaster. I checked emerging.conf this morning, all the modified/enabled rules seem to be retained , that' good. Many thanks Regards John
Date: Mon, 29 Nov 2010 20:29:39 -0500 From: wkitty42 () windstream net To: junwei_wan () hotmail com CC: snort-users () lists sourceforge net; emerging-sigs () emergingthreats net Subject: Re: [Emerging-Sigs] (no subject) On 11/29/2010 05:36, Jun Wan wrote:I think this may be because Oinkmaster downloads emerging.conf at 2:00 am every morning, so it overwrites the one I configured before, my questions would be: 1.) Is this the right way for Snort to use ET rules by modifying the emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ? 2.) How can I keep the modified emerging.conf from being overwritten to a new downloaded one from ET? Any information and help would be much appreciated.just add emerging.conf to the oinkmaster "ignore this file" section and it won't be overwritten... there are several that oinkmaster is told to ignore... local.rules is one example ;)
------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) Jun Wan (Nov 29)
- Re: [Emerging-Sigs] (no subject) Joel Esler (Nov 29)
- ET rules in emerging.conf deactivated after updating via Oinkmaster&cron Jun Wan (Nov 29)
- Re: [Emerging-Sigs] (no subject) waldo kitty (Nov 29)
- Re: [Emerging-Sigs] (no subject) Jun Wan (Nov 30)
- Re: [Emerging-Sigs] (no subject) waldo kitty (Nov 30)
- Re: [Emerging-Sigs] (no subject) Jun Wan (Nov 30)