Snort mailing list archives

Re: snort and snort-rules/ET alerts


From: Y M <snort () outlook com>
Date: Fri, 2 Dec 2016 19:52:49 +0000

The PulledPork command does not specify any rules policy (connectivity, balanced, security) to allow PulledPork to enable 
the rules.

Try running PulledPork with -I <policy>.

Keep in mind that this may mess up your ET rules enablement since ET rules do not contain rules policy metadata.

YM





On Fri, Dec 2, 2016 at 10:47 PM +0300, "Keith Pachulski" <keith.pachulski () healthnetworklabs com> wrote:

Pulledpork Cronjob
0 0 * * * /home/snort/pulledpork/pulledpork.pl -c /home/snort/pulledpork/etc/pulledpork.conf

Pulledpork Config
rule_url=https://www.snort.org/rules/|snortrules-snapshot.tar.gz|<>
rule_url=http://talosintelligence.com/feeds/ip-filter.blf|IPBLACKLIST|open
ignore=deleted.rules,experimental.rules
temp_path=/tmp
rule_path=/home/snort/rules/snort.rules
local_rules=/home/snort/rules/local.rules
sid_msg=/home/snort/rules/etc/sid-msg.map
sid_msg_version=1
sid_changelog=/home/snort/rules/pullpork-sid_changes.log
sorule_path=/usr/local/lib/snort_dynamicrules/
snort_path=/usr/local/bin/snort
config_path=/home/snort/rules/snort.conf
distro=Ubuntu-12-04
black_list=/home/snort/rules/black_list.rules
IPRVersion=/home/snort/rules/iplists

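To check which rules in a rules file carry policy metadata before picking a value for -I, the added example below (not from the thread and not PulledPork's own code) sorts rules by their `metadata:policy <name>-ips` entries. The sample rules, SIDs and function names are constructed, and the `<name>-ips` metadata convention is an assumption about the rule set in use.

```python
import re
from collections import Counter

# Constructed sample rules (not from the thread). The first two assume the
# "policy <name>-ips <action>" metadata convention; the third mimics an
# ET-style rule whose metadata carries no policy keyword.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; metadata:policy balanced-ips drop, policy security-ips drop, service http; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed B"; content:"b"; metadata:policy security-ips alert; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed ET-style"; content:"c"; metadata:created_at 2016_01_01, updated_at 2016_01_01; sid:1000003; rev:1;)
# This is an ordinary comment, not a rule
"""

# Matches enabled rules and rules disabled with a leading '#'.
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|drop|log|pass|reject|sdrop)\s.*\(.*\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
META_RE = re.compile(r"\bmetadata\s*:\s*([^;]*);")
POLICY_RE = re.compile(r"\bpolicy\s+([\w-]+)-ips\b", re.I)

def classify(rules_text, policy):
    """Map each sid to 'in-policy', 'other-policy' or 'no-policy-metadata'."""
    result = {}
    for line in rules_text.splitlines():
        if not RULE_RE.match(line):
            continue  # blank line or plain comment
        sid = SID_RE.search(line)
        if not sid:
            continue
        policies = set()
        for meta in META_RE.findall(line):
            policies.update(p.lower() for p in POLICY_RE.findall(meta))
        if not policies:
            verdict = "no-policy-metadata"  # the case the reply warns about
        elif policy.lower() in policies:
            verdict = "in-policy"
        else:
            verdict = "other-policy"
        result[int(sid.group(1))] = verdict
    return result

def summary(rules_text, policy):
    """Count rules per verdict for one policy name."""
    return Counter(classify(rules_text, policy).values())

if __name__ == "__main__":
    for name in ("connectivity", "balanced", "security"):
        print(name, dict(summary(SAMPLE_RULES, name)))
```

A large "no-policy-metadata" count for a rules file means the policy choice says nothing about those rules, so their enabled state should be reviewed separately.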