Snort mailing list archives

RE: Updating Rules?


From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 25 Mar 2004 11:47:00 +0000



--On 12 February 2004 15:59 -0600 Paul Schmehl <pauls () utdallas edu> wrote:

--On Thursday, February 12, 2004 01:04:11 PM -0800 "Vines Scott D 2d Lt
AFFTC/IT" <Scott.Vines () edwards af mil> wrote:

While we're on the subject of updating rules:  I have customized my own
rule files by disabling certain alerts within the files (but not turning
off the entire rule set)...is there a graceful way to update rules
without having to turn these off again?

Yes.  Oinkmaster.

Or Snortcenter (edit the rule, save as new (which gives it a sid of
>=1000000), disable the old rule). Sourcefire appears to work the same way.

Note that you probably want the CVS version of <http://sourceforge.net/projects/snortcenter2> for recent snort rulesets.

Paul Schmehl (pauls () utdallas edu)

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
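
One way to carry local changes across a rule update, as an added example that is not part of the original message and is not Oinkmaster's or Snortcenter's code: rules commented out locally stay commented out in the new file, and locally saved copies with a sid of 1000000 or higher are kept. The function names, the LOCAL_SID_MIN constant and the sample rules are assumptions constructed for illustration.

```python
import re

LOCAL_SID_MIN = 1000000  # assumption: locally authored rules use sids from here up
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s")

def parse_rule(line):
    """Return (sid, disabled) for a rule line, or None for prose comments/blanks."""
    head, sid = RULE_RE.match(line), SID_RE.search(line)
    if not head or not sid:
        return None
    return int(sid.group(1)), head.group(1) is not None

def rule_states(text):
    """Map sid -> disabled flag for every rule in a rules file."""
    return dict(r for r in map(parse_rule, text.splitlines()) if r)

def merge_update(local_text, upstream_text):
    """Take the upstream rules, re-disable what was disabled locally,
    and carry over local rules that upstream does not ship."""
    local = rule_states(local_text)
    merged, seen = [], set()
    for line in upstream_text.splitlines():
        rule = parse_rule(line)
        if rule:
            sid, disabled = rule
            seen.add(sid)
            if local.get(sid) and not disabled:
                line = "# " + line  # keep the local decision to switch this off
        merged.append(line)
    for line in local_text.splitlines():
        rule = parse_rule(line)
        if rule and rule[0] >= LOCAL_SID_MIN and rule[0] not in seen:
            merged.append(line)
    return "\n".join(merged) + "\n"

# Constructed sample rule files (not real Snort rules).
LOCAL = '''\
alert tcp any any -> any 80 (msg:"constructed A"; sid:2001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed B"; sid:2002; rev:1;)
alert tcp any any -> any 8080 (msg:"constructed B, local edit"; sid:1000001; rev:1;)
'''
UPSTREAM = '''\
# constructed upstream update
alert tcp any any -> any 80 (msg:"constructed A"; sid:2001; rev:2;)
alert tcp any any -> any 80 (msg:"constructed B"; sid:2002; rev:2;)
alert tcp any any -> any 80 (msg:"constructed C"; sid:2003; rev:1;)
'''

if __name__ == "__main__":
    print(merge_update(LOCAL, UPSTREAM), end="")
```

Diffing the merged file against the previous local copy before reloading Snort shows which rules changed revision while remaining disabled.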



