Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: oinkmaster and so rules.. FAQ broken?

From: Martin Holste <mcholste () gmail com>
Date: Wed, 9 Feb 2011 10:51:25 -0600
if that is the case, then I won't even look at pulled port.
we have multiple snorts running in multiple hosts.
on one host, one snort_lan.conf could have different rulesets than
snort_wan.conf.



I would think that makes PP perfect for you--as your actual
snort.conf's would change the least per-instance.  Just rename
snort.rules to wan.rules (or whatever).  How have you been disabling
certain sids in certain rules files on different instances?  I would
assume you've been using different directories for that.  So how would
that be different than different snort.rules files existing in
different directories?

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Previous By Date Next
Previous By Thread Next

Current thread: