Snort mailing list archives
Re: Duplicate rules & rule parser
From: Peter Bates <peter.bates () ucl ac uk>
Date: Thu, 24 Oct 2013 10:38:35 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all On 23/10/2013 19:41, Anshuman Anil Deshmukh wrote:
Oddities I can see: 1) You've defined a reg-rules rule_url and the community-rules. [Anshuman] Yes, I am a registered user. So in that case do you mean to say that both community & registered user rules doesn't work together and hence rather than using both of them, either one of them should be used?
If you see Joel's earlier comments - it shouldn't matter if you run both. Personally I'm just using the registered user rules.
2) You've put a fixed Snort version (2.9.5.0) into the reg-rules rule_url [Anshuman] I request you to kindly send me the correct URL meant for registered users
The correct URL is in the default pulledpork.conf that comes with PP 0.7.0. It reads: rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode> As you might guess, you have to replace <oinkcode> with your oinkcode, so for example: rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|1bf0c204e1ff27e7ebacdeadbeefc0de - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSaOqbAAoJELhVoVpEMS6R+1IH/3aa1r7W91vETkzuAP2B80uz GErtJot9PHASJJYRVhwfiUStEJ8omVgq42w7fH6PmMHaNm6cXWUI2oa7OYhFGw7n J2wGaVE5285Tzz8ldqneWQcW3sOyjVkDiPRtdxyesS/m6h2PI+8yP6NkFQoXCTRl SgZ6+hR/SQV5ZoVHFLgCWKQe8lxGe/8mTiPQ1qDZB/E3/93pW5K5+ySHuvAYfPVC 16m3Dw+IAdQ0a2SJEBS2gKZ8AW65tTTLdPcy7wclacnRiWhW7PzEbSFWR3nPp1aU v+A/2vklNOECvT7GqDiazsDuKE+cG3dqx0OQuJX4QV++Uf9nOjenBf29uR1fuB0= =+M4n -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Duplicate rules & rule parser, (continued)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
- Re: Duplicate rules & rule parser JJ Cummings (Oct 23)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 24)
- Re: Duplicate rules & rule parser Joel Esler (Oct 25)
- Re: Duplicate rules & rule parser JJC (Oct 25)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 26)
- Re: Duplicate rules & rule parser Eric G (Oct 26)
- Re: Duplicate rules & rule parser Joel Esler (Oct 26)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 27)
- Re: Duplicate rules & rule parser Anshuman Anil Deshmukh (Oct 23)
- Re: Duplicate rules & rule parser Peter Bates (Oct 24)