Snort mailing list archives
Re: More problems with pulledpork 0.6.0
From: JJC <cummingsj () gmail com>
Date: Fri, 1 Apr 2011 09:26:10 -0600
Ok, I see the problem... PP has no way of knowing that the rules you are putting on your custom-url-server are ET rules (it determines if it's VRT or ET based on the source url), thus the other errors (in your bug) that you are reporting and the behavior that you see. If you remove the ET- from your dropsid and disablesid config. I will be publishing a bugfix today for that (0.6.1) that will fix both issues, but require you to use Custom-<category> when retrieving from a purely custom url, such as you are doing.

JJC

On Fri, Apr 1, 2011 at 9:03 AM, JJC <cummingsj () gmail com> wrote:
Please also comment out the modifysid.conf line also... more info to come

JJC

On Fri, Apr 1, 2011 at 9:03 AM, carlopmart <carlopmart () gmail com> wrote:

On 04/01/2011 04:59 PM, JJC wrote:

I'll have to dig into this more, a few quick notes though..

* Are you actually using the modifysid?
* Suricata does NOT have SO rules, so you don't need to define the path to the suricata.yaml file

I'll have to setup a local rules copy and try to mimic what you are doing.. will take just a bit.

JJC

Ok, I have disabled config_path variable. I don't use modifysid option ...

Thanks JJC.

--
CL Martinez
carlopmart {at} gmail {d0t} com