Re: Commented out rules.

["Joel Esler (jesler)" <jesler () cisco com>]

On 12/20/13, 2:03 PM, "SnortFan" <SnortFan () yahoo com> wrote:

> I've noticed after pulling rules via pulled pork there are a lot of rules
> disabled that are not in a policy group. Does that mean I would need to
> list them individually in the enablesid.conf ?  I'm trying to turn on all
> VoIP rules. I have them enabled in my snort.conf but most of them are
> Commented out in the snort.rules file.

You¹d need to at the rule file to enablesid.conf in pulledpork.  That will
turn them on by default when your run pulledpork.


> Also are all the rules in the snort.rules files as opposed to separate
> rules files?

Yes, they are.  This is the way that pulledpork works.

--
Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team
New Email: jesler () cisco com


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!