Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PulledPork 0.7.0 not parsing enablesid, disablesid, modifysid or threshold.conf files when there are no rule updates

From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 29 Aug 2014 13:55:42 -0600
On 2014-08-29 13:43, Weir, Jason wrote:

I'm testing PP 0.7.0 and seeing what looks like a bug but want to
confirm it's not a config issue on my end.

As I tune the sensor I add entries in each of the config files
(enablesid,disablesid,modifysid conf files) and then run pulledpork
and restart snort

/usr/local/bin/pulledpork.pl -c /usr/local/etc/snort/pulledpork.conf
-vv

<bleh>

Fly Piggy Fly!

Next if I go into disablesid.conf and add another entry and re-run pp
I get the same output as the first run - the new entry in
disablesid.conf doesn't get parsed or disabled in the snort.rules
file.

Any ideas?

Jason



Run it with -P:

-P Process rules even if no new rules were downloaded

James

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: