Re: Snort / Rules / Pulled Pork

[Dan O'Brien via Snort-users <snort-users () lists snort org>]

Thank you. I figured it out. The rule had actually been deleted. I downloaded the pulled pork rules again and it is 
back. I am now in the process of editing threshold.conf instead of snort.rules. Thanks. 

Thanks,
Dan
(770) 624-1010
pdobrien3 () gmail com

"Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6

Sent from my iPad

> On Sep 16, 2017, at 10:00 PM, Marcin Dulak <marcin.dulak () gmail com> wrote:
>
> grep "suppress gen_id 3" -r /etc/
> Marcin
>
> On Sun, Sep 17, 2017 at 3:47 AM, Dan O'Brien <pdobrien3 () gmail com> wrote:
> > > pulledpork downloaded and installed the new rules, but snort has not been restarted so it still uses the old 
> > > suppress definitions.
> > > You can also force snort to re-read the new snort.rules without restarting with:
> > > kill -hup $(pidof snort)
> > The computer has been rebooted and snort restarted several times. Any other ideas?
> >
> > Thanks,
> > Dan
> >
> > "Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6
> >
> > Sent from my iPad
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!