Snort mailing list archives

Re: Commented out rules.


From: SnortFan <SnortFan () yahoo com>
Date: Sat, 21 Dec 2013 09:04:42 -0500

Thanks Y M and Joel,
    That worked!

Ed

Sent from a mobile device. 

On Dec 20, 2013, at 2:15 PM, Y M <snort () outlook com> wrote:

You can specify protocol-voip in your enablesid.conf instead of individually listing sids. The enablesid.conf file 
has documentation of what can be used to enable rules, categories, etc.

As for the snort.rules file, it depends. If you use the -E option with your pulledpork command, then only the enabled rules 
will be there. If not, then all of the rules, including the disabled ones, will be there.

YM

From: SnortFan () yahoo com
Date: Fri, 20 Dec 2013 14:03:02 -0500
To: snort-users () lists sourceforge net
Subject: [Snort-users] Commented out rules.

I've noticed after pulling rules via PulledPork there are a lot of rules disabled that are not in a policy group. 
Does that mean I would need to list them individually in the enablesid.conf? I'm trying to turn on all VoIP rules. 
I have them enabled in my snort.conf but most of them are commented out in the snort.rules file.

Also are all the rules in the snort.rules files as opposed to separate rules files?

Thanks,
Ed

Sent from a mobile device. 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
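
The following is an added example, not part of the original thread and not PulledPork code: a small check that reads a generated snort.rules file and reports which rules of one category are active and which are still commented out, so the effect of an enablesid.conf change can be confirmed after a PulledPork run. It assumes the VoIP rules carry a msg beginning with "PROTOCOL-VOIP"; the function name, sample rules and sids are constructed for illustration.

```python
import re
import sys

# A rule line starts with an action keyword; a leading "#" means it is disabled.
ACTION_RE = re.compile(r'^(#\s*)?(alert|log|pass|drop|reject|sdrop)\s')
MSG_RE = re.compile(r'\bmsg:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')

# Constructed sample input (not real rules): one enabled and two
# commented-out VoIP rules, one unrelated rule, one plain comment.
SAMPLE = r'''
# ----- constructed header comment -----
alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP constructed sample A"; content:"INVITE"; sid:1000001; rev:1;)
# alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP constructed sample B"; sid:1000002; rev:1;)
#alert tcp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP constructed sample C"; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SERVER-WEBAPP constructed sample D"; sid:1000004; rev:1;)
'''


def audit_rules(lines, msg_prefix):
    """Return (enabled_sids, disabled_sids) for rules whose msg starts with msg_prefix."""
    enabled, disabled = [], []
    prefix = msg_prefix.upper()
    for line in lines:
        line = line.strip()
        action = ACTION_RE.match(line)
        if not action:
            continue  # blank line, header, or ordinary comment
        msg = MSG_RE.search(line)
        sid = SID_RE.search(line)
        if not msg or not sid:
            continue  # a comment that merely starts with an action word
        if not msg.group(1).upper().startswith(prefix):
            continue  # rule belongs to another category
        target = disabled if action.group(1) else enabled
        target.append(int(sid.group(1)))
    return enabled, disabled


if __name__ == "__main__":
    # Pass the path to snort.rules; without an argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            on, off = audit_rules(fh, "PROTOCOL-VOIP")
    else:
        on, off = audit_rules(SAMPLE.splitlines(), "PROTOCOL-VOIP")
    print(f"enabled={len(on)} disabled={len(off)}")
    print("still disabled sids:", off)
```

If PulledPork was run with -E, the disabled list will be empty because commented-out rules are not written to the file at all; in that case compare the enabled count before and after the enablesid.conf change instead.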