Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] (no subject)
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 30 Nov 2010 19:22:09 -0500

On 11/30/2010 18:12, Jun Wan wrote:
Hi Waldo,

I use "skipfile emerging.conf" instead as I can't find the "ignore this file"
section in oinkmaster.

that's it! i was coming off of a 12 hour shift when i wrote that... there's 
several of those entries pretty close together and that was what i was 
referencing... i'm glad you found it ;)

I checked emerging.conf this morning, all the modified/enabled rules seem to be
retained , that' good.

YAY!

Many thanks

you are welcome ;)


Regards

John


 > Date: Mon, 29 Nov 2010 20:29:39 -0500
 > From: wkitty42 () windstream net
 > To: junwei_wan () hotmail com
 > CC: snort-users () lists sourceforge net; emerging-sigs () emergingthreats net
 > Subject: Re: [Emerging-Sigs] (no subject)
 >
 > On 11/29/2010 05:36, Jun Wan wrote:
 > > I think this may be because Oinkmaster downloads emerging.conf at 2:00 
am every
 > > morning, so it overwrites the one I configured before, my questions 
would be:
 > >
 > > 1.) Is this the right way for Snort to use ET rules by modifying the
 > > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
 > >
 > > 2.) How can I keep the modified emerging.conf from being overwritten to 
a new
 > > downloaded one from ET?
 > >
 > > Any information and help would be much appreciated.
 >
 > just add emerging.conf to the oinkmaster "ignore this file" section and it 
won't
 > be overwritten... there are several that oinkmaster is told to ignore...
 > local.rules is one example ;)


------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault