Snort mailing list archives
Re: pulled pork
From: JJC <cummingsj () gmail com>
Date: Sat, 5 Mar 2011 09:01:42 -0700
looks correct, if PP reports no file change then the md5 file is not actually changing, I would manually download the rules tarball that you are talking about and compare to the md5 that ET publishes.. if they are different then we need to talk to the ET folks about making sure that the md5 file is updated with the file. On Sat, Mar 5, 2011 at 4:48 AM, Michael Lubinski <michael.lubinski () gmail com
wrote:
The pulledpork also always says that nothing has changed even though I know the sigs are changing daily for the ET ruleset. My rule URL is rule_url= http://rules.emergingthreats.net/|emerging.rules.tar.gz|open-nogpl Is this incorrect syntax? On Fri, Mar 4, 2011 at 11:28 PM, Jason Wallace <jason.r.wallace () gmail com>wrote:Michael, In the pulledpork.conf file there is a section near the beginning of the file where you can add a list of rule file names to ignore. Thx, Wally On Mar 4, 2011 11:04 PM, "Michael Lubinski" <michael.lubinski () gmail com> wrote:If I am not mistaken pulled pork combines the rules into a snort.rulesfileso the rest of the rules for snort should be commented out except for snort.rules. If that is correct I have another question, the block rules from ET are contained within that snort.rules, i get an unknown rule option forfwsamwhich I am not running. What option do I have to modify inpulledpork.confto have it not bull these block rules down?------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pulled pork Michael Lubinski (Feb 03)
- Re: pulled pork Joel Esler (Feb 04)
- <Possible follow-ups>
- pulled pork Michael Lubinski (Mar 04)
- Re: pulled pork Jason Wallace (Mar 04)
- Re: pulled pork Michael Lubinski (Mar 05)
- Re: pulled pork JJC (Mar 05)
- Re: pulled pork NA (Mar 05)
- Re: pulled pork Jason Wallace (Mar 04)