Snort mailing list archives
Re: Anyone else seeing lots of 129 20 this am?
From: Brian Cole via Snort-users <snort-users () lists snort org>
Date: Tue, 3 Sep 2019 19:13:20 +0000
The pulledpork.conf file says that it *should* be updating the preprocessor.rules file, as far as I can tell. Here is a snippet from mine:

# Specify rule categories to ignore from the tarball in a comma separated list
# with no spaces. There are four ways to do this:
# 1) Specify the category name with no suffix at all to ignore the category
# regardless of what rule-type it is, ie: netbios
# 2) Specify the category name with a '.rules' suffix to ignore only gid 1
# rulefiles located in the /rules directory of the tarball, ie: policy.rules
# 3) Specify the category name with a '.preproc' suffix to ignore only
# preprocessor rules located in the /preproc_rules directory of the tarball,
# ie: sensitive-data.preproc
# 4) Specify the category name with a '.so' suffix to ignore only shared-object
# rules located in the /so_rules directory of the tarball, ie: netbios.so
# The example below ignores dos rules wherever they may appear, sensitive-
# data preprocessor rules, p2p so-rules (while including gid 1 p2p rules),
# and netbios gid-1 rules (while including netbios so-rules):
# ignore = dos,sensitive-data.preproc,p2p.so,netbios.rules
# These defaults are reasonable for the VRT ruleset with Snort 2.9.0.x.
ignore=deleted.rules,experimental.rules,local.rules

...brian
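The four ignore forms described in the quoted pulledpork.conf comments, as an added example that is not part of the original message and is not PulledPork's own matching code. It checks whether a given ignore line would exclude a tarball member such as preproc_rules/preprocessor.rules; the function names and the `<directory>/<category>.rules` member layout are assumptions made for the illustration.

```python
# Added illustration: models the four ignore forms from the pulledpork.conf
# comments quoted above. Not PulledPork's own matching code.

# Suffix on an ignore entry -> tarball directory it applies to (per the comments).
SUFFIX_DIR = {".rules": "rules", ".preproc": "preproc_rules", ".so": "so_rules"}


def parse_ignore(line):
    """Parse an 'ignore=' line into (category, directory-or-None) pairs."""
    key, _, value = line.partition("=")
    if key.strip() != "ignore":
        raise ValueError("not an ignore line: %r" % line)
    entries = []
    for item in (i.strip() for i in value.split(",")):
        if not item:
            continue
        for suffix, directory in SUFFIX_DIR.items():
            if item.endswith(suffix):
                entries.append((item[: -len(suffix)], directory))
                break
        else:
            entries.append((item, None))  # form 1: no suffix, every rule type
    return entries


def is_ignored(tarball_path, entries):
    """True if a tarball member is excluded by the parsed ignore entries.

    Assumption: members are named '<directory>/<category>.rules'.
    """
    directory, _, filename = tarball_path.strip("/").rpartition("/")
    directory = directory.rsplit("/", 1)[-1]  # keep only the last directory
    category = filename.rsplit(".", 1)[0]
    return any(
        cat == category and (d is None or d == directory) for cat, d in entries
    )


# The two ignore lines that appear in the quoted snippet.
DEFAULT = parse_ignore("ignore=deleted.rules,experimental.rules,local.rules")
EXAMPLE = parse_ignore("ignore = dos,sensitive-data.preproc,p2p.so,netbios.rules")

if __name__ == "__main__":
    for path in ("preproc_rules/preprocessor.rules", "rules/deleted.rules"):
        print(path, "ignored" if is_ignored(path, DEFAULT) else "kept")
```

Under the default line from the snippet, preproc_rules/preprocessor.rules is not matched by any entry, so the ignore setting is not what would keep that file from being updated.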