Home page logo
/

snort logo Snort mailing list archives

Re: Only local.rules
From: JJ Cummings <cummingsj () gmail com>
Date: Wed, 12 Jun 2013 12:52:12 -0600

You will still need entries for these in your sid-msg.map though.

Sent from the iRoad

On Jun 12, 2013, at 11:13, Nicholas Horton <fivetenets () me com> wrote:

Perfect. Thanks to all!

Nick

On Jun 12, 2013, at 12:42 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 6/12/2013 12:15, Nicholas Horton wrote:
What's the easiest way to disable all rules (preprocessor, text, so, etc) and only use the local.rules file?

1. comment out all other rules includes except local.rules
2. disable unwanted preprocessors
3. some preprocessors are required (frag3, stream5) so suppress them by GID

-- 
NOTE: No off-list assistance is given without prior approval.
     Please keep mailing list traffic on the list unless
     private contact is specifically requested and granted.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]