Snort mailing list archives
Re: Only local.rules
From: Nicholas Horton <fivetenets () me com>
Date: Wed, 12 Jun 2013 21:08:55 -0400
I have a live snort box but I I am trying to test barnyard performance over the wan. I have a ping rule in local.rules where I listen to a unique IP address. As that pings I use the u2spewfu and odlaw to check the performance over 5 mins. After this test I want to go back to a full functioning snort box. What I did was copy snort.conf into testsnort.conf and cut out section 5 of the config file. Run snort manually using the testsnort.conf and after the test delete it and start up snort using service snortd start. Seemed to work. Nick On Jun 12, 2013, at 8:48 PM, Joel Esler <jesler () sourcefire com> wrote:
Don't download any rules in the first place? -- Joel Esler Sent from my iPad On Jun 12, 2013, at 12:15 PM, Nicholas Horton <fivetenets () me com> wrote:What's the easiest way to disable all rules (preprocessor, text, so, etc) and only use the local.rules file? Nick ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Only local.rules Nicholas Horton (Jun 12)
- Re: Only local.rules Christian Mahlig (Jun 12)
- Re: Only local.rules waldo kitty (Jun 12)
- Re: Only local.rules Nicholas Horton (Jun 12)
- Re: Only local.rules JJ Cummings (Jun 12)
- Re: Only local.rules Nicholas Horton (Jun 12)
- Re: Only local.rules Joel Esler (Jun 12)
- Re: Only local.rules Nicholas Horton (Jun 12)
- <Possible follow-ups>
- Re: Only local.rules Y M (Jun 12)