Snort mailing list archives

Re: Oinkmaster can't get rules


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Mon, 19 Jul 2010 11:04:08 -0600

I took the opportunity to upgrade to Pulledpork, and I am glad that I did... It took about an hour or so to get it
configured properly, move over all my disabled rules from oinkmaster, and verify that it was working properly, etc...

The best benefit, besides the SO rules download, is the ability to disable rules based on a regex... that is awesome.
I've disabled all the Novell and AIX rules, for instance, on my network, since I don't run those OSes, which makes Snort
run faster and my life easier (since I don't have to troll through the rules files looking for the right rules...)

I'm not sure that I like the "one big rule file" system it uses, but that's a minor thing.

Thanks for the great tool, JJ.

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Wednesday, July 14, 2010 5:51 AM
To: James Lay
Cc: Snort
Subject: Re: [Snort-users] Oinkmaster can't get rules

Huge. If I had to pick one feature, it would be that pulledpork handles the SO rules, and oinkmaster does not. But
there are a lot more features than that; maybe JJ can chime in and highlight some others if you guys want.

--
Sent from my iPad

On Jul 14, 2010, at 8:22 AM, James Lay <jlay () slave-tothe-box net> wrote:

LoL...sure why not add more to the fun ;)  Is there THAT much of a
difference between the two?

James

<snip>
