Snort mailing list archives

Re: (no subject)


From: Dan O'Brien via Snort-users <snort-users () lists snort org>
Date: Tue, 3 Oct 2017 05:31:35 -0400

Thank you.  I will look into modifysid. 

Thanks,
Dan

"Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6

Sent from my iPad

On Oct 2, 2017, at 9:41 PM, wkitty42 () windstream net wrote:

On 10/02/2017 11:59 AM, Paul O'Brien via Snort-users wrote:
Yes, ok, my bad. I just got done looking at the rule in my snort rules file and understand what you are saying now. So, how do you change the threshold specs from within the rule itself? Each night I download the rules, my changes will be overwritten, no?


depending on your update mechanism, you could have it update the rule via modifysid type code... that code would either strip out the existing threshold stuff and replace it or it would modify it to conform to your needs... modifysid is the key to your solution...


-- 
NOTE: No off-list assistance is given without prior approval.
      *Please keep mailing list traffic on the list unless*
      *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
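
The modifysid approach described in the reply above, as an added example (not code from the thread or from any rule-update tool): a post-download step that re-applies a local threshold by SID, so the nightly update cannot silently revert it. The SIDs, rule text and `OVERRIDES` table are constructed for illustration, and the regexes assume the threshold option contains no embedded semicolons.

```python
import re

# In-rule threshold option, anchored to the preceding ';' or '(' so that the
# word "threshold" inside another option's value is less likely to match.
THRESHOLD_RE = re.compile(r"(?<=[;(])(\s*)threshold\s*:[^;]*;")
SID_RE = re.compile(r"(?<=[;(])(\s*)sid\s*:\s*(\d+)\s*;")

# Hypothetical local policy: SID -> threshold arguments to enforce.
OVERRIDES = {1000001: "type limit, track by_src, count 1, seconds 300"}

def modify_rule(rule, overrides):
    """Rewrite one rule line; unlisted, disabled or blank lines pass through."""
    if not rule.strip() or rule.lstrip().startswith("#"):
        return rule
    sid = SID_RE.search(rule)
    if not sid or int(sid.group(2)) not in overrides:
        return rule
    option = "threshold: %s;" % overrides[int(sid.group(2))]
    if THRESHOLD_RE.search(rule):
        # Strip the shipped threshold and put the local one in its place.
        return THRESHOLD_RE.sub(lambda m: m.group(1) + option, rule, count=1)
    # Rule ships without a threshold: add ours just before the sid option.
    return rule[:sid.start()] + sid.group(1) + option + rule[sid.start():]

def apply_overrides(rules_text, overrides):
    """Run modify_rule over a whole rules file, as a post-download step would."""
    return "\n".join(modify_rule(l, overrides) for l in rules_text.split("\n"))

# Constructed sample rules (not real signatures).
SAMPLE = "\n".join([
    '# constructed rules for illustration',
    'alert tcp any any -> $HOME_NET 22 (msg:"constructed ssh rule"; '
    'flow:to_server; threshold: type both, track by_src, count 5, '
    'seconds 60; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 80 (msg:"constructed http rule"; '
    'flow:to_server; sid:1000002; rev:1;)',
])

if __name__ == "__main__":
    print(apply_overrides(SAMPLE, OVERRIDES))
```

Because the rewrite is idempotent, it can run after every download regardless of whether the upstream rule changed.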