Snort mailing list archives
Re: Diff'ing rulesets
From: Wolfgang Rohdewald <wr6 () uni de>
Date: Tue, 8 Jan 2002 13:23:44 +0100
On Tuesday 08 January 2002 10:45, Lars Jørgensen IT wrote:
Hi! I am currently writing af script for automatic download of new rulefiles, unpacking and diffing against my current sets. Of course, diff catches my changes to the rulesets, which is okay, but I would like it not to catch rules I have commented out. I've been banging my head against diff's "-I" switch for some time now. According to docs I can find around the net, this should work: diff --ignore-matching-lines='^#.alert' dns.rules /etc/snort/dns.rules But I get the output below, which is exacly what I don't want to see. Can anybody help me? 17,21c17,21 < alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86 ---# alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS EXPLOIT x86
Why don't you do cat /etc/snort/rules | sed 's/# alert /alert/' > myrules diff dns.rules myrules _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Diff'ing rulesets Lars Jørgensen IT (Jan 08)
- RST.B / EGP Ian Cudlip (Jan 08)
- Re: RST.B / EGP Ryan Russell (Jan 08)
- Re: Diff'ing rulesets Wolfgang Rohdewald (Jan 08)
- My ruleset differ/merg0r :-) Edwin Eefting (Jan 08)
- RE: Diff'ing rulesets Andy Wood (Jan 08)
- Re: Diff'ing rulesets Chr. v. Stuckrad (Jan 08)
- RST.B / EGP Ian Cudlip (Jan 08)