Security Basics
mailing list archives
Re: snort updates and changes to snort.conf
From: infolookup () gmail com
Date: Wed, 2 Jul 2008 21:19:27 +0000
------Original Message------
From: Joe Beasley
Sender: listbounce () securityfocus com
To: newsecurityguy
Cc: security-basics () securityfocus com
Sent: Jul 1, 2008 8:21 PM
Subject: Re: snort updates and changes to snort.conf
You don't have to put your snort.conf file in the same directory your
*.rules files are in. I keep my snort.conf
in /usr/local/snort-version/etc, and keep all the rules
in /usr/local/snort-version/rules.
All rule updates will have a new snort.conf (which is overwritten each
time) in the rules directory, but I start snort with the conf file in
the etc directory.
On Sun, 2008-06-29 at 18:07 -0700, newsecurityguy wrote:
I know this is not really the place for this question but I have had no luck
elsewhere. Currently, snort is set to update to the newest rule set on a
daily basis, which is what I want. However, I also need to suppress some
SIDS, which I have always done by editing the snort.conf file. When the
updates occur, it appears as if snort.conf is overwritten with a new
version, as the changes I make to the file do not last more than 24 hours
before disappearing out of the snort.conf. Am I correct in assuming this is
what is occurring? Is there any other way to easily suppress events without
having to edit the file after each update?
Sent from my Verizon Wireless BlackBerry
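The layout described in the reply above, as an added example that is not part of the original messages: a rule update is copied into the rules directory only, the hand-edited snort.conf in etc (with its suppress lines) is left alone, and any rule file the live snort.conf never includes is reported. The function names, the placeholder prefix and the snort.conf.dist file name are assumptions.

```shell
#!/bin/sh
# Added example. Assumed layout (placeholder prefix):
#   $prefix/etc/snort.conf  - hand-edited, holds the suppress lines
#   $prefix/rules/          - overwritten by every rule update

# Copy an unpacked update into rules/ only; the shipped snort.conf is
# kept as etc/snort.conf.dist for comparison, never installed.
apply_rule_update() {
    staging=$1 prefix=$2
    [ -d "$staging" ] || { echo "no staging dir: $staging" >&2; return 1; }
    mkdir -p "$prefix/rules" "$prefix/etc" || return 1
    found=0
    for f in "$staging"/*.rules; do
        [ -f "$f" ] || continue
        cp "$f" "$prefix/rules/" || return 1
        found=1
    done
    [ "$found" -eq 1 ] || { echo "no .rules files in update" >&2; return 1; }
    if [ -f "$staging/snort.conf" ]; then
        cp "$staging/snort.conf" "$prefix/etc/snort.conf.dist" || return 1
    fi
}

# Print rule files present in rules/ that the live snort.conf never
# includes, e.g. a category first shipped by an update.
missing_includes() {
    prefix=$1
    for f in "$prefix"/rules/*.rules; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # Compare the last path component of each include target exactly.
        awk -v n="$name" '$1 == "include" { k = split($2, p, "/")
            if (p[k] == n) hit = 1 } END { exit !hit }' \
            "$prefix/etc/snort.conf" || echo "$name"
    done
}

# Print the suppress lines kept in the live snort.conf.
local_suppressions() {
    grep -E '^[[:space:]]*suppress[[:space:]]' "$1/etc/snort.conf"
}
```

After an update, running `snort -T -c` against the conf file in etc checks that the configuration and the new rules still load before the sensor is restarted.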