Snort mailing list archives
Re: Syntax for "ignore=" in Pulledpork
From: Y M <snort () outlook com>
Date: Wed, 13 Nov 2013 17:12:03 +0000
Hi, You need to define the rules/categories you want to ignore/disable in the "disbalesid.conf" file. Edit the same file and add: emerging-chat.rules The comments/documentation inside the "disbalesid.conf" file should be sufficient to get you going. I am not sure of the "ignore" within the "pulledpork.conf" will operate on ET rules. Someone else can jump in and comment in this regard. Hope this helps.YM From: Vernon.Stark () jhuapl edu To: snort-users () lists sourceforge net Date: Wed, 13 Nov 2013 12:01:36 -0500 Subject: [Snort-users] Syntax for "ignore=" in Pulledpork What syntax is required with the “ignore=” line in Pulledpork (0.7.0) when ignoring selected Emerging Threats rules? For example, if one wants to ignore chat.rules from the Emerging Rules set, what syntax is required? I tried all of the following and yet “ET CHAT” rules still end up in snort.rules in the enabled state. ignore=emerging-chat.rules ignore=ET-chat.rules ignore=emerging-chat ignore=ET-chat I have recent rule downloads, so I’ve been using the following: ./pulledpork.pl -c pulledpork.conf -n -P -E Vern ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Syntax for "ignore=" in Pulledpork Stark, Vernon L. (Nov 13)
- Re: Syntax for "ignore=" in Pulledpork Y M (Nov 13)