Snort mailing list archives
Re: How to enable ALL rules when Pulledpork is ran?
From: Shirkdog <shirkdog () gmail com>
Date: Mon, 8 Feb 2016 10:02:33 -0500
I did not get a chance to respond to Michael's off-list email, I had forgotten I came up with trick, and I will add it to the enablesid.conf file so it is never forgotten :) --- Michael Shirk On Mon, Feb 8, 2016 at 9:51 AM, Y M <snort () outlook com> wrote:
Add "pcre:." minus the quotes to your enablesid.conf, thanks to shirkdog, mentioning it some time back. YM Sent from Mobile On Mon, Feb 8, 2016 at 6:41 AM -0800, "Michael Steele" <michaels () winsnort com> wrote: I’m trying to figure out how to activate all the rules (for temp testing purposes) when PP is ran. I’m using the –nPT as the switches when I run PP on a ruleset that is current. All rules are located in the snort.rules file. Everything is processing normally using the ips_policy=security switch. Thanks… ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- How to enable ALL rules when Pulledpork is ran? Michael Steele (Feb 08)
- Re: How to enable ALL rules when Pulledpork is ran? Y M (Feb 08)
- Re: How to enable ALL rules when Pulledpork is ran? Shirkdog (Feb 08)
- Re: How to enable ALL rules when Pulledpork is ran? Michael Steele (Feb 08)
- Re: How to enable ALL rules when Pulledpork is ran? Y M (Feb 08)