Snort mailing list archives

Re: Rule Management with two separate rulesets

From: JJC <cummingsj () gmail com>
Date: Tue, 16 Jul 2013 21:58:37 -0600

I would run two pulledpork.conf files and simply write the results to
unique rules files.. ala vrt.rules and et.rules

this also simplifies your snort.conf (one file kinda thing)

JJC


On Tue, Jul 16, 2013 at 9:08 PM, Steven McLaughlin <steve () lan com au> wrote:

Hi All,

I am looking at testing emerging threats ruleset alongside snort rules. As
far as directory structures are concerned is it best to have the rules in
separate directories and run two separate instances of pulledpork? Or
better to have both rule sets all in the one directory?

The overlap could get complicated here with rule updates and snort conf
files etc..

Is anyone else doing this? If so any advice?

thanks,
smc


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Rule Management with two separate rulesets Steven McLaughlin (Jul 16)
- Re: Rule Management with two separate rulesets JJC (Jul 16)
- Re: Rule Management with two separate rulesets waldo kitty (Jul 17)
  - Re: Rule Management with two separate rulesets JJC (Jul 17)
  - Re: Rule Management with two separate rulesets Joel Esler (Jul 17)