Snort mailing list archives
Re: Commented out rules.
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 20 Dec 2013 19:07:19 +0000
On 12/20/13, 2:03 PM, "SnortFan" <SnortFan () yahoo com> wrote:
I've noticed after pulling rules via pulled pork there are a lot of rules disabled that are not in a policy group. Does that mean I would need to list them individually in the enablesid.conf ? I'm trying to turn on all VoIP rules. I have them enabled in my snort.conf but most of them are Commented out in the snort.rules file.
You¹d need to at the rule file to enablesid.conf in pulledpork. That will turn them on by default when your run pulledpork.
Also are all the rules in the snort.rules files as opposed to separate rules files?
Yes, they are. This is the way that pulledpork works. -- Joel Esler Intelligence Lead Open Source Manager Vulnerability Research Team New Email: jesler () cisco com ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Commented out rules. SnortFan (Dec 20)
- Re: Commented out rules. Joel Esler (jesler) (Dec 20)
- Re: Commented out rules. Y M (Dec 20)
- Re: Commented out rules. SnortFan (Dec 21)