Snort mailing list archives
Re: Pulled Pork 0.7.2 Policies not working
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 23 Jan 2017 14:37:13 +0000
So, you are good to go then? -- Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com> On Jan 22, 2017, at 6:42 PM, Michael Steele <michaels () winsnort com<mailto:michaels () winsnort com>> wrote: Darn, I no sooner sent this out and remembered that I activated all the rules so the policies wouldn’t process no matter what they were set too…. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I’m testing Pulled Pork on a slave sensor using –nPT to bypass the signature file. I’ve tried setting the policy using Balanced and Security. When the balanced policy is ran the output says it Modified 19004 rules. However the stats at the end never changes. It fails to update the .rules file with the changes. After running each of the policies I save the .rules file from each run, and they are identical. Attached is the output from each run. I’m not seeing anything. Maybe this is a problem others are having but not noticing? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Thanks… <Security.txt><Balanced.txt>------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org<http://slashdot.org/>! http://sdm.link/slashdot_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Pulled Pork 0.7.2 Policies not working Michael Steele (Jan 22)
- Re: Pulled Pork 0.7.2 Policies not working Joel Esler (jesler) (Jan 23)
- <Possible follow-ups>
- Pulled Pork 0.7.2 Policies not working Michael Steele (Jan 22)