Snort mailing list archives

Syntax for "ignore=" in Pulledpork

From: "Stark, Vernon L." <Vernon.Stark () jhuapl edu>
Date: Wed, 13 Nov 2013 12:01:36 -0500

What syntax is required with the "ignore=" line in Pulledpork (0.7.0) when ignoring selected Emerging Threats rules?  
For example, if one wants to ignore chat.rules from the Emerging Rules set, what syntax is required?  I tried all of 
the following and yet "ET CHAT" rules still end up in snort.rules in the enabled state.

ignore=emerging-chat.rules

ignore=ET-chat.rules

ignore=emerging-chat

ignore=ET-chat

I have recent rule downloads, so I've been using the following:

./pulledpork.pl -c pulledpork.conf -n -P -E

Vern

------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Syntax for "ignore=" in Pulledpork Stark, Vernon L. (Nov 13)
- Re: Syntax for "ignore=" in Pulledpork Y M (Nov 13)