Re: signature and classifications

[Andreas Östling <andreaso () it su se>]

On Fri, 22 Aug 2003, lee leahu wrote:

> I dont really enjoy having oinkmaster overwriting my custom entries in
> the classification.config and sig-msg.map files.
>
> Is there a way to put my custom entries in one file and let oinkmaster
> updated the other files so that I can also be up-to-date on the
> classifications and sig-msg ?

You can do as Erek said (except that the sid msg map should not be
included in snort.conf :)). I do it another way with the sid msg map by
using "skipfile sid-msg.map" to make oinkmaster not touch that file and
then generate it myself out from both the snort.org rules and my local
rules.

There is no way to merge files with oinkmaster so for local entries in
files like classification.config it's probably easiest to include a
separate file from snort.conf like Erek said (which is the way I'd prefer
to have things anyway), or simply merge them in with a script after each
update.

/Andreas


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users