Re: quick question about snort.conf

[Joel Esler <jesler () sourcefire com>]

We are currently working on a solution that should solve this issue.

On Oct 24, 2012, at 6:41 AM, Peter Bates <peter.bates () ucl ac uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello all
>
> On 23/10/2012 23:06, Jeremy Hoel wrote:
> > The rules file you get still has all the rules in the little groups.
> > That's still the official way.
>
> I've mentioned this before - but for the acolyte/Snort beginner
> it might be more useful if the snort.conf in the tarball didn't 'include'
> a load of rule files that don't actually ship in the tarball itself.
>
> I know very well *why* the rules are not included - but as it stands
> if you download Snort and are faced with a bunch of errors primarily because
> it has references to files you're meant to acquire by another route.
>
> The default snort.conf comments out the preprocessor rules (which are 
> in the tarball) and the SO rules - so why not comment out the standard rules lines
> - - or include 'local.rules' and comment out the rest?
>
> Or why not generate combined tarballs for registered/subscription users 
> that contain the source and rules to get people started?
>
> This problem seems to pop up from time to time - combined with when a new Snort is released
> and there are no SO rules for registered users until the 30 day limit is reached.
>
> If we've been doing this for a while then we understand the reasons and know
> the solutions - I was just trying to be Devil's Advocate and reduce
> new user confusion.
>
> - -- 
> Peter Bates
> Senior Information Security Officer   Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJQh8XgAAoJELhVoVpEMS6RIrgH/Rd3IJOHVhKpKmsLR7Hjalwy
> tjNTzOwNvpYdLkLvBrOBPOLjblDA3V6TqmFFKOtafox6EXyjSBePGK7hI3pRwUe3
> kEuGBmtkY1TwdivYCKQBdSboLlDB34seddksN37GtqFVSM040gDA3NUGynXONnHD
> T0AYJkgmDegAaTw31a2F+INYt7m5ccmWDTpnIAdT1iz08Imrxqfr9GJIGYtxaaOL
> wigFBUy7e+wpdRuCGEnUuEbCM+ch6uaZqn/wqzql/gZNUMmFtAlwt7/zo4UCcL5X
> 1vX7t8sTFVCW3NyZZOrryHJJJgGXmv7/uuZwbMB4qck/+i2OOrSS0Kj9ZC+HS6o=
> =Va32
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!