Re: Manifest file without shared memory in reputation preprocessor

["Hui Cao (huica)" <huica () cisco com>]

Currently, manifest is tied to shared memory.
You can let each snort instance load from different folder and load as blacklist.  For the blacklist alert, replace 
drop with alert action.

Best,
Hui.

From: Eugenio Pérez <eupm90 () gmail com<mailto:eupm90 () gmail com>>
Date: Monday, May 12, 2014 at 12:23 PM
To: "snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>" <snort-users () lists 
sourceforge net<mailto:snort-users () lists sourceforge net>>
Subject: [Snort-users] Manifest file without shared memory in reputation preprocessor

Hi all. Is there any way to use the manifest file without using shared memory?

The problem is I have various snort instances in the same machine, and they could have different reputation rules each 
one. Also, I want to use the 'monitor' type, that I only can use in manifest file.

Any idea? Thanks and regards.

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!