Snort mailing list archives
Re: Rule Management with two separate rulesets
From: JJC <cummingsj () gmail com>
Date: Tue, 16 Jul 2013 21:58:37 -0600
I would run two pulledpork.conf files and simply write the results to unique rules files, a la vrt.rules and et.rules. This also simplifies your snort.conf (one file kinda thing).

JJC

On Tue, Jul 16, 2013 at 9:08 PM, Steven McLaughlin <steve () lan com au> wrote:
> Hi All,
>
> I am looking at testing emerging threats ruleset alongside snort rules. As far as directory structures are concerned is it best to have the rules in separate directories and run two separate instances of pulledpork? Or better to have both rule sets all in the one directory? The overlap could get complicated here with rule updates and snort conf files etc.
>
> Is anyone else doing this? If so any advice?
>
> thanks,
> smc
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
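An added example, not part of the original thread: a small checker for the overlap concern raised in the question, run against the two output files the reply names (vrt.rules and et.rules). It lists SIDs that appear in both files so they can be reviewed before Snort loads them. The sample rules and SIDs are constructed for illustration, and the function names are hypothetical.

```python
import re
import sys

# Rule line, optionally commented out (disabled); header contains no "(".
RULE_RE = re.compile(r'^(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s[^(]*\((.*)\)\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"')

def parse_rules(text):
    """Return {sid: (enabled, msg)} for every rule line in a rules file."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, plain comment, or non-rule directive
        sid = SID_RE.search(m.group(2))
        if not sid:
            continue
        msg = MSG_RE.search(m.group(2))
        rules[int(sid.group(1))] = (m.group(1) is None, msg.group(1) if msg else "")
    return rules

def sid_collisions(a, b):
    """SIDs defined in both rule sets, sorted, for manual review."""
    return sorted(set(a) & set(b))

# Constructed sample content standing in for vrt.rules and et.rules.
VRT_SAMPLE = '''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED vrt rule one"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"CONSTRUCTED vrt rule disabled"; sid:1000002; rev:3;)
'''
ET_SAMPLE = '''
alert udp $HOME_NET any -> any 53 (msg:"CONSTRUCTED et rule"; sid:2000001; rev:1;)
alert tcp any any -> any 80 (msg:"CONSTRUCTED clash (dup sid)"; sid:1000002; rev:1;)
'''

if __name__ == "__main__":
    # Usage: python check_sids.py vrt.rules et.rules (falls back to the samples)
    if len(sys.argv) == 3:
        vrt, et = (open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:3])
    else:
        vrt, et = VRT_SAMPLE, ET_SAMPLE
    a, b = parse_rules(vrt), parse_rules(et)
    for sid in sid_collisions(a, b):
        print(f"sid {sid}: first file {a[sid]}, second file {b[sid]}")
```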
Current thread:
- Rule Management with two separate rulesets Steven McLaughlin (Jul 16)
- Re: Rule Management with two separate rulesets JJC (Jul 16)
- Re: Rule Management with two separate rulesets waldo kitty (Jul 17)
- Re: Rule Management with two separate rulesets JJC (Jul 17)
- Re: Rule Management with two separate rulesets Joel Esler (Jul 17)