Snort mailing list archives
Re: More problems with pulledpork 0.6.0
From: JJC <cummingsj () gmail com>
Date: Fri, 1 Apr 2011 08:59:16 -0600
I'll have to dig into this more, a few quick notes though..

- Are you actually using the modifysid?
- Suricata does NOT have SO rules, so you don't need to define the path to the suricata.yaml file

I'll have to set up a local rules copy and try to mimic what you are doing.. will take just a bit.

JJC

On Fri, Apr 1, 2011 at 8:45 AM, carlopmart <carlopmart () gmail com> wrote:
> On 04/01/2011 04:39 PM, JJC wrote:
>> Using your exact settings (for disablesid and dropsid) I am not able to
>> reproduce the issue.
>>
>> Rule Stats....
>>     New:-------0
>>     Deleted:---0
>>     Enabled Rules:----3509
>>     Dropped Rules:----1799
>>     Disabled Rules:---10211
>>     Total Rules:------15519
>> Done
>>
>> Do you have an ips_policy value specified in your pulledpork.conf file?
>> Can you provide to me your pulledpork.conf file and the runtime options
>> that you are using?
>>
>> JJC
>
> I hadn't specified an ips policy. My pulledpork.conf:
>
> # My custom downloaded rules
> rule_url=http://mymirror.local.net/suricatasigs/|et.tar.gz|open
>
> # Paths defined
> temp_path=/tmp
> rule_path=/data/config/etc/suricata-inet/rules/all.rules
> local_rules=/data/config/etc/snort-common/rules/local.rules
> sid_msg=/data/config/etc/suricata-inet/sid-msg.map
> sid_changelog=/tmp/sid_changes_inet.log
>
> # Params for so_rules
> config_path=/data/config/etc/suricata-inet/suricata.yaml
>
> # Backup options
> backup=/data/config/etc/suricata-inet/rules/all.rules
> backup_file=/data/config/etc/ids-common/backup_rules/pp_ips-inet
>
> # Miscellaneous options
> enablesid=/data/config/etc/suricata-inet/pulledpork/enablesid.conf
> dropsid=/data/config/etc/suricata-inet/pulledpork/dropsid.conf
> disablesid=/data/config/etc/suricata-inet/pulledpork/disablesid.conf
> modifysid=/data/config/etc/suricata-inet/pulledpork/modifysid.conf
> version=0.6.0
>
> And my command line:
>
> "pulledpork.pl -c /data/config/etc/suricata-inet/pulledpork/pulledpork.conf -d l"
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com