Home page logo

snort logo Snort mailing list archives

Re: Disabling Snort signatures with Oinkmster
From: "J. L. Cabral" <jelocabral () gmail com>
Date: Thu, 30 Dec 2010 10:13:51 -0300

If I wanto to disable the signature: SID 119-19 with:

119 is a generator ID
19 is the SID

I suppose in oinkmaster.conf I have to add the line:

disablesid 19

but this line disables all SID 19 signatures as:

sid: 19; gid: 119;
sid: 19; gid: 122;
sid: 19; gid: 133;

Or what can I do to disable just sid: 19; gid: 119; and not the rest ???

Thanks a lot


On Wed, Dec 29, 2010 at 2:32 PM, Weir, Jason <jason.weir () nhrs org> wrote:
In your oinkmaster.conf file use the disablesid\enablesid\modifysid
functions to control rule state..


-----Original Message-----
From: J. L. Cabral [mailto:jelocabral () gmail com]
Sent: Wednesday, December 29, 2010 12:17 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Disabling Snort signatures with Oinkmster

Dear, I have Snort 2.9 running with some signatures disabled from the
rules I download via Oinkmaster.

The problem is that every time Oinkmaster download new rules, the
signatures I've disables with "#" become enable again.

How can I do to tell Oinkmaster not to disable some
signatures I choose ???

Thanks a lot,



Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]