Snort mailing list archives
Re: Problems disabling rule categories with PulledPork
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 8 Mar 2011 16:03:15 -0500
At the top of the pulledpork.conf file, there is the rule_url specifications. To get remove a ruleset completely and quickly, comment out the rule_url you don't want to download. After you want to add it back in, check out the disablesid.conf file, and the syntax that is in there for disabling rule files individually. Joel On Tue, Mar 8, 2011 at 3:20 PM, Mike Kun <mkun () akamai com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We're running pulledpork for rulemanagemnts and use it to pull down VRT and ETPro rulesets. We'd like to be able to disable All the ETPro rules and enable them slowly for tuning purposes. Is there any way to do this without disabling the VRT rules as well. For example, if I add "ftp" to the disablesid file, that should disable all FTP rules for both VRT and ETPro. Suppose I only wanted to disable the ETPro Ftp rules, how could that be handled? - -Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNdo+iAAoJEMhWEt1OJPG/gKQH/02dS+GBch9D0BKLo3PWkQ2b 2gLiOqQ9+aHR5KCJPI5ggOWvLJOExS8OVIO/biQw8b/88dAVcwWAKTkK9otxBT9i qly6uH2WBfYHEyKTu65Ur3R1SJSN6a4Ol54N1BINZTAph9rRsGEchNcHVYngbwXB 9AKx3FxRAHtHo0g5PawER9A/EZGH6czXxKr4Ai13D4RaZ6/YbwrQJTMB9qN4bKpR 4AT0RJ6y/LlapMbgJkrCC2iG7PPa1CP7vP7fg62ZqfqaABDktqCM+oS8lGVlTK3p Nie1GRTQgJxd+W0VZ/WfFhDyElHV7RO4P1VfGugIWrTk319k0GiEZSXi1Fxw634= =UrLk -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems disabling rule categories with PulledPork Mike Kun (Mar 08)
- Re: Problems disabling rule categories with PulledPork Joel Esler (Mar 08)
- Re: Problems disabling rule categories with PulledPork Mike Kun (Mar 08)
- Re: Problems disabling rule categories with PulledPork Joel Esler (Mar 08)
- Re: Problems disabling rule categories with PulledPork Mike Kun (Mar 08)
- Re: Problems disabling rule categories with PulledPork Martin Holste (Mar 08)
- Re: Problems disabling rule categories with PulledPork Jason Wallace (Mar 08)
- Re: Problems disabling rule categories with PulledPork Martin Holste (Mar 08)
- Re: Problems disabling rule categories with PulledPork Jason Wallace (Mar 08)
- Re: Problems disabling rule categories with PulledPork Randal T. Rioux (Mar 08)
- Re: Problems disabling rule categories with PulledPork Joel Esler (Mar 08)