Re: (no subject)

[waldo kitty <wkitty42 () windstream net>]

On 3/1/2011 16:36, Alan Ptak wrote:
> And the obligatory follow-up and shameless promotion for pulledpork (http://code.google.com/p/pulledpork/) follows:
>
> If you use pulledpork (http://code.google.com/p/pulledpork/) to manage your snort rules, it will automatically enable 
> the rules needed to set any flowbits needed.

shouldn't this be selectable somehow? perhaps the flowbits setting rules were 
deactivated by the publisher for some special reason and one may not want all of 
them enabled... for instance, i record some ~12 flowbits setting rules /still/ 
deactivated in the 2.8.6.1 ruleset... while i may not want all of them 
activated, i may desire only a couple of them...

so, two questions...

1. why are the rules that use these flowbits not also commented out in the 
2.8.6.1 ruleset? it has been "a month or two" since the situation was brought 
up... yes, this question is actually for the VRT folks...

2. how can/does PP handle the possibility of enabling only one or two of the 
flowbits setting rules if not all of them are desired to be enabled?


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users