Snort mailing list archives

Re: Snort sdrop


From: Joao Daniel Neves <joaodanielnevesss () hotmail com>
Date: Mon, 22 Apr 2013 19:09:12 +0300

Joel,

Thank you! I'm working on how to put Snort in inline mode. I'm getting some errors.


From: jesler () sourcefire com
Subject: Re: [Snort-users] Snort sdrop
Date: Mon, 22 Apr 2013 09:46:36 -0400
To: joaodanielnevesss () hotmail com

On Apr 22, 2013, at 9:43 AM, Joao Daniel Neves <joaodanielnevesss () hotmail com> wrote:

> I don't want to register these events from this source. If I could drop/block this package it would be great. So I
> thought that sdrop was a good way to accomplish that. But for some reason it is not working. Do you have some clues?
>
> What came to my mind is something about the order in which Snort reads the rules. Is it possible to make Snort read
> local.rules first?

I think what you are looking for is "config order".  http://manual.snort.org/node16.html.
But you must be in inline mode for sdrop to work in the first place.
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire                                        