Home page logo

snort logo Snort mailing list archives

Re: [Emerging-Sigs] (no subject)
From: Jun Wan <junwei_wan () hotmail com>
Date: Tue, 30 Nov 2010 23:12:32 +0000

Hi Waldo,
I use "skipfile emerging.conf" instead as I can't find the "ignore this file" section in oinkmaster. 
I checked emerging.conf this morning, all the modified/enabled rules seem to be retained , that' good.
Many thanks

Date: Mon, 29 Nov 2010 20:29:39 -0500
From: wkitty42 () windstream net
To: junwei_wan () hotmail com
CC: snort-users () lists sourceforge net; emerging-sigs () emergingthreats net
Subject: Re: [Emerging-Sigs] (no subject)

On 11/29/2010 05:36, Jun Wan wrote:
I think this may be because Oinkmaster downloads emerging.conf at 2:00 am every
morning, so it overwrites the one I configured before, my questions would be:

1.) Is this the right way for Snort to use ET rules by modifying the
emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?

2.) How can I keep the modified emerging.conf from being overwritten to a new
downloaded one from ET?

Any information and help would be much appreciated.

just add emerging.conf to the oinkmaster "ignore this file" section and it won't 
be overwritten... there are several that oinkmaster is told to ignore... 
local.rules is one example ;)
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]