RE: RE: var HOME_NET and rule updates

["Noller, Gregory" <Noller2G () kochind com>]

 Thus, if I want to use the new rulesets, do I have to copy all the new
> rules inside the default directory or only change the RULE_PATH
> variable?
>
> Daniel


You can run a diff on the old_path and the new_path and it will tell you
what has changed.  Then just copy over the new files.

Or, you can just drop the updated rules files into the old path.  Path can
be set at command line runtime with the -c /path_to_snort.conf.  Snort.conf
can be in the same path as rules files, and will look in it's own dir for
rules_files.

Restart the service to start using the new rules.

So, you can start multiple instances of snort by just having multiple
ruleset paths:

#/usr/local/bin/snort -c /usr/local/snort/rules/eth0 -i eth0 -o -N
#/usr/local/bin/snort -c /usr/local/snort/rules/eth1 -i eth1 -o -N
#/usr/local/bin/snort -c /usr/local/snort/rules/eth2 -i eth2 -o -N



If there are new rules sets not listed in your snort.conf, you will need to
add them to the bottom of your snort.conf.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users