Snort mailing list archives
Re: updating snort rules with oinkmaster
From: "John J. Nagro" <jnagro () ccs neu edu>
Date: Wed, 2 Jun 2004 10:46:59 -0400
On 02.Jun.2004 04:16PM +0200, Pascal.Dubach () swisscom com wrote: oinkmaster actually lets you define the changes you want to make. as the rules get updated oinkmaster applies your changes, thus nothing is lost. find the oinkmaster website (listed in the download page for oinkmaster on snort.org) and get the newest version (1.0). untar it and read the sample config file that comes with it, that explains how to enable/disable and modify rules on the fly as they get updated. -John
Hello, I am trying to update my snort rules, and this works fine. But I have changed the priorities of some rules in some rule-files. If I just update all the snort rules, the customized ones will be overwritten. Is there any possibility not to update these rules? If I just disable the sid, the rules wouldn't be active anymore, but I want to log the alerts on the server, so they have to be active. thx and Kind Regards, Pascal _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.From Windows to Linux, servers to mobile, InstallShield X is the oneinstallation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- updating snort rules with oinkmaster Pascal.Dubach (Jun 02)
- Re: updating snort rules with oinkmaster John J. Nagro (Jun 02)
- Re: updating snort rules with oinkmaster Andreas Östling (Jun 02)