Honeypots mailing list archives

Packet Replace Mode


From: Kerry Forbes <surfsouth () gmail com>
Date: 8 Mar 2005 00:27:07 -0000



Hey there...
I have a fully functional GenII honeynet, with honeywall and 2 honeypots. Basically based on the Know Your Enemy second edition book.

It has been running for over 2 weeks and the snort inline rules are set to the default Packet Drop Mode (PDM), but I'm ready now to change my inline rules to packet replace mode (PRM)... and I've used Brian Caswell's perl script snortconfig, and haven't had any luck.  Basically it won't accept my config file I created.

My question is to anyone who's gone ahead and changed their rules to PRM, how exactly did you get them changed without doing it all by hand. Any help would really be appreciated.

Thanks in advance

Kerry

PS... Here is the config file I made up just as suggested in the manual.

[files]
replace_or_drop: dos.rules, ddos.rules, backdoor.rules, exploit.rules, web-attacks.rules, virus.rules, shellcode.rules, 
mysql.rules, sql.rules, attack-responses.rules, misc.rules, imap.rules, pop2.rules, pop3.rules, snmp.rules, 
web-cgi.rules, web-client.rules, web-coldfusion.rules, web-frontpage.rules, web-iis.rules, web-misc.rules, web-php.rules

log: deleted.rules, scan.rules, chat.rules, netbios.rules, info.rules, finger.rules, ftp.rules, icmp-info.rules, 
multimedia.rules, policy.rules, porn.rules, rservices.rules, telnet.rules, tftp.rules, ftp.rules

drop: p2p.rules, x11.rules
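As an added illustration of what such a conversion has to do (this is not Brian Caswell's snortconfig script nor any honeywall tool, and it makes no claim about why that script rejects the config above), here is a small Python rewriter that reads a policy laid out like the one in the post, assigns each rule file a mode, and rewrites the rules accordingly. It assumes the policy format shown (a `[files]` section with `mode: file, file, ...` lines), single-line Snort 2.x rules, and the snort_inline constraint that a `replace:` string must be exactly as long as the `content:` it overwrites. Rules with hex (`|..|`) or no usable `content:` fall back to `drop`; the filler string, the sample rules and their SIDs are all constructed for the example.

```python
import re

# Constructed policy in the same shape as the config in the post (assumption:
# this mirrors the layout, not necessarily the real snortconfig grammar).
POLICY_TEXT = """[files]
replace_or_drop: exploit.rules, shellcode.rules
log: scan.rules, icmp-info.rules
drop: p2p.rules
"""

# Constructed sample rule files; SIDs are in the local range and invented.
SAMPLE_RULES = {
    "exploit.rules": [
        "# constructed sample rules in Snort 2.x syntax",
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"SAMPLE ftp shell"; '
        'flow:to_server,established; content:"/bin/sh"; classtype:attempted-admin; sid:9000001; rev:1;)',
        'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE NOP sled"; '
        'content:"|90 90 90 90|"; sid:9000002; rev:1;)',
    ],
    "scan.rules": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE null scan"; flags:0; sid:9000003; rev:1;)',
    ],
    "p2p.rules": [
        'alert tcp $HOME_NET any -> $EXTERNAL_NET 6881 (msg:"SAMPLE p2p"; sid:9000004; rev:1;)',
    ],
    "local.rules": [  # not listed in the policy, so it must pass through untouched
        'alert icmp any any -> any any (msg:"SAMPLE untouched"; sid:9000005; rev:1;)',
    ],
}

RULE_RE = re.compile(r"^(?P<action>alert|log|pass|drop|sdrop|reject)\s+(?P<rest>.*)$")
# First non-negated content option; handles backslash escapes inside the quotes.
CONTENT_RE = re.compile(r'content:\s*"(?P<value>(?:[^"\\]|\\.)*)"\s*;')


def parse_policy(text):
    """Map each rule file name to its mode (replace_or_drop / log / drop)."""
    modes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or ":" not in line:
            continue
        mode, files = line.split(":", 1)
        for name in files.split(","):
            name = name.strip()
            if name:
                modes[name] = mode.strip()
    return modes


def convert_rule(rule, mode):
    """Rewrite one rule line for the given mode; comments and blanks are returned as-is."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return rule
    action, rest = m.group("action"), m.group("rest")
    if mode == "log":
        return f"log {rest}"
    if mode == "drop":
        return f"drop {rest}"
    if mode == "replace_or_drop":
        c = CONTENT_RE.search(rest)
        # Only plain-text content is rewritten: hex content lengths are not
        # computed here, so those rules (and rules with no content) are dropped.
        if c and "|" not in c.group("value"):
            length = len(re.sub(r"\\(.)", r"\1", c.group("value")))  # unescaped length
            filler = "X" * length  # same length, as snort_inline's replace requires
            new_rest = rest[: c.end()] + f' replace:"{filler}";' + rest[c.end():]
            return f"{action} {new_rest}"  # keep alerting, but neutralise the payload
        return f"drop {rest}"
    return rule


def convert_ruleset(rules_by_file, policy_text):
    """Apply the policy to every file; files not named in the policy are left alone."""
    modes = parse_policy(policy_text)
    return {
        name: [convert_rule(r, modes[name]) for r in lines] if name in modes else list(lines)
        for name, lines in rules_by_file.items()
    }


if __name__ == "__main__":
    for name, lines in convert_ruleset(SAMPLE_RULES, POLICY_TEXT).items():
        print(f"--- {name}")
        for line in lines:
            print(line)
```

Multi-line rules (backslash continuations) and rules whose first `content:` is negated or hex are the cases to watch when running this over a real rule set: the script leaves the former unconverted and drops the latter, so a quick grep for `alert` in the `replace_or_drop` files after conversion shows exactly which rules still need a hand-written `replace:`.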

