Home page logo
/

snort logo Snort mailing list archives

Re: Disabling Snort signatures with Oinkmster
From: "J. L. Cabral" <jelocabral () gmail com>
Date: Thu, 30 Dec 2010 10:13:51 -0300

If I wanto to disable the signature: SID 119-19 with:

119 is a generator ID
19 is the SID

I suppose in oinkmaster.conf I have to add the line:

disablesid 19

but this line disables all SID 19 signatures as:

sid: 19; gid: 119;
sid: 19; gid: 122;
sid: 19; gid: 133;

Or what can I do to disable just sid: 19; gid: 119; and not the rest ???

Thanks a lot

JeLo

On Wed, Dec 29, 2010 at 2:32 PM, Weir, Jason <jason.weir () nhrs org> wrote:
In your oinkmaster.conf file use the disablesid\enablesid\modifysid
functions to control rule state..

-Jason

-----Original Message-----
From: J. L. Cabral [mailto:jelocabral () gmail com]
Sent: Wednesday, December 29, 2010 12:17 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Disabling Snort signatures with Oinkmster


Dear, I have Snort 2.9 running with some signatures disabled from the
rules I download via Oinkmaster.

The problem is that every time Oinkmaster download new rules, the
signatures I've disables with "#" become enable again.

How can I do to tell Oinkmaster not to disable some
signatures I choose ???

Thanks a lot,

JeLo



_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]