Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: select rules

From: "DoL" <dwylau () netvigator com>
Date: Fri, 14 Jun 2002 09:56:03 +0800
Thankyou all.
  ----- Original Message ----- 
  From: McCammon, Keith 
  To: DoL ; snort-users () lists sourceforge net 
  Sent: Friday, June 14, 2002 1:45 AM
  Subject: RE: [Snort-users] select rules


  Rules can be called from an include, which tells Snort to follow the path to the rules file specified, and load it at 
initialization.  Rules can also be included in snort.conf directly.

  If you want to deactivate a single rule within any list of rules, you can:

  1) delete the rule and re-initialize Snort,

  2) place a # in front of the rule, commenting it out, and re-initialize Snort, or

  3) write a pass rule with the same properties in local.rules (or wherever you prefer), and re-initialize Snort with 
the -o option.

  Cheers

  Keith

    -----Original Message-----
    From: DoL [mailto:dwylau () netvigator com]
    Sent: Thursday, June 13, 2002 1:30 PM
    To: snort-users () lists sourceforge net
    Subject: [Snort-users] select rules


    Hi ALL

    My understanding on rules is that "they are included in *.rules files".  But is there any way to deactivate / 
activate a particular rule instead of the whole .rules file?  Do I need to restart snort to make it effective?

    Thanks
    /dl
Previous By Date Next
Previous By Thread Next

Current thread: