Snort mailing list archives
Re: quick question about snort.conf
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 24 Oct 2012 11:12:21 -0400
We are currently working on a solution that should solve this issue. On Oct 24, 2012, at 6:41 AM, Peter Bates <peter.bates () ucl ac uk> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 23/10/2012 23:06, Jeremy Hoel wrote:The rules file you get still has all the rules in the little groups. That's still the official way.I've mentioned this before - but for the acolyte/Snort beginner it might be more useful if the snort.conf in the tarball didn't 'include' a load of rule files that don't actually ship in the tarball itself. I know very well *why* the rules are not included - but as it stands if you download Snort and are faced with a bunch of errors primarily because it has references to files you're meant to acquire by another route. The default snort.conf comments out the preprocessor rules (which are in the tarball) and the SO rules - so why not comment out the standard rules lines - - or include 'local.rules' and comment out the rest? Or why not generate combined tarballs for registered/subscription users that contain the source and rules to get people started? This problem seems to pop up from time to time - combined with when a new Snort is released and there are no SO rules for registered users until the 30 day limit is reached. If we've been doing this for a while then we understand the reasons and know the solutions - I was just trying to be Devil's Advocate and reduce new user confusion. - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJQh8XgAAoJELhVoVpEMS6RIrgH/Rd3IJOHVhKpKmsLR7Hjalwy tjNTzOwNvpYdLkLvBrOBPOLjblDA3V6TqmFFKOtafox6EXyjSBePGK7hI3pRwUe3 kEuGBmtkY1TwdivYCKQBdSboLlDB34seddksN37GtqFVSM040gDA3NUGynXONnHD T0AYJkgmDegAaTw31a2F+INYt7m5ccmWDTpnIAdT1iz08Imrxqfr9GJIGYtxaaOL wigFBUy7e+wpdRuCGEnUuEbCM+ch6uaZqn/wqzql/gZNUMmFtAlwt7/zo4UCcL5X 1vX7t8sTFVCW3NyZZOrryHJJJgGXmv7/uuZwbMB4qck/+i2OOrSS0Kj9ZC+HS6o= =Va32 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- quick question about snort.conf AllowOverride (Oct 23)
- Re: quick question about snort.conf Jeremy Hoel (Oct 23)
- Re: quick question about snort.conf Joel Esler (Oct 23)
- Re: quick question about snort.conf Peter Bates (Oct 24)
- Re: quick question about snort.conf Joel Esler (Oct 24)
- Re: quick question about snort.conf Jeremy Hoel (Oct 23)