Snort mailing list archives

Re: Snort 3 Config File Question (3)


From: wkitty42 () windstream net
Date: Tue, 25 Jul 2017 16:05:25 -0400

On 07/25/2017 10:49 AM, Jim Campbell wrote:
> I looked at last night's unified2 output and found four sids being output; 116:408, 412, 414, and 444. I entered those into /etc/snort/disablesid.conf. Wasn't effective, even after restarting barnyard2. What program acts on disablesid.conf?

pulled pork applies the disable/enable/modify sid rules...

the existing data will stay in the database unless you clear it out... barnyard doesn't know anything about the disable/enable/modify sid rules files...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*