Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: disabling specific snort rules

From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 24 Oct 2013 04:33:20 -0600

On Oct 24, 2013, at 3:18 AM, Roland RoLaNd <r_o_l_a_n_d () hotmail com> wrote:


All,

I configured pulledpork to retrieve rules and it's working as expected.
Can someone please guide me on a best practice to edit such rules to enable/disable certain types?
previously, rules were divided by type under rules/* but now they all exist in one file which is snort.rules 

Any advice on how to proceed would be appreciated.

Best,

Roland 


Roland,

If you’re doing single rules it’s in your disabledsid or droppedsid conf files.  If you’re wanting to not use whole 
rulesets, add them comma separated in your pulled pork.conf file in the ignore= line.

James

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: