Security Basics mailing list archives

Re: snort updates and changes to snort.conf
From: "David J. Bianco" <david () vorant com>
Date: Tue, 01 Jul 2008 08:30:05 -0400

You need to check out Oinkmaster (oinkmaster.sourceforge.net).  It's a Perl
script to automate the process of downloading new rule updates, making all
your local changes (turning off or modifying rules) and merging them in
with what you already have.  I think this will solve your problem nicely.

        David

newsecurityguy wrote:
> I know this is not really the place for this question but I have had no luck
> elsewhere. Currently, snort is set to update to the newest rule set on a
> daily basis, which is what I want. However, I also need to suppress some
> SIDs, which I have always done by editing the snort.conf file. When the
> updates occur, it appears as if snort.conf is overwritten with a new
> version, as the changes I make to the file do not last more than 24 hours
> before disappearing out of the snort.conf. Am I correct in assuming this is
> what is occurring? Is there any other way to easily suppress events without
> having to edit the file after each update?
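
An added example, not part of the original post or of the Oinkmaster distribution: a minimal oinkmaster.conf showing how the local changes described in the reply above can be kept outside the files an update replaces. The URL, the paths and the SIDs are constructed placeholders.

```conf
# oinkmaster.conf (added illustration; URL, paths and SIDs are placeholders)

# Where to fetch the rules archive from. Substitute your own rule source.
url = https://rules.example.invalid/snortrules.tar.gz

# Files in the archive that Oinkmaster must never copy over the local ones.
skipfile local.rules
skipfile snort.conf

# Rules to turn off after every update (comma-separated SIDs).
# Constructed SIDs: replace with the ones you want silenced.
disablesid 1000001, 1000002

# Rewrite part of one rule on each update:
#   modifysid SID "regex" | "replacement"
modifysid 1000003 "^alert" | "drop"

# Typical run (for example from cron), assuming these paths:
#   oinkmaster.pl -C /etc/oinkmaster.conf -o /etc/snort/rules
```

Because the disable list lives in oinkmaster.conf rather than in snort.conf or the rule files, it is reapplied on every run. Note that `disablesid` comments the rule out in the rules file, so the rule no longer loads at all.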

