Re: snort 2.9.2 disable alerts for so_rules (p2p)

[Joel Esler <jesler () sourcefire com>]

On Sat, Feb 04, 2012 at 07:58:10PM -0500, waldo kitty wrote:
> On 2/3/2012 22:29, Joel Esler wrote:
> > http://blog.snort.org/2012/01/importance-of-pulledpork.html
>
> i haven't read it yet and i understand what you are saying BUT there are 
> environments where it is NOT feasible or capable to run pulledpork... /THAT'S/ 
> what i and others are pointing out and trying to clarify...
>
> sadly, it is starting to look like snort is /not/ going to be able to be used in 
> environments like ours and that's NotAGoodThing<tm> :(

Not necessarily true.  While we recommend you use PulledPork, after some more thought and discussion inside the VRT 
we've realized this may not be the only way that people can feasibly deploy our rulesets.  So we are looking at a way 
to "level the playing field", as it were, with regard to the needs for PulledPork.  

As of right this second, we recommend you use it, and we always will for rule management.  But your cry of help has 
been heard to standarize the ruleset into a way that is accessible and useable by all.

--
Joel 

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!