Snort mailing list archives
Re: Disabling Snort signatures with Oinkmster
From: "J. L. Cabral" <jelocabral () gmail com>
Date: Thu, 30 Dec 2010 10:13:51 -0300
If I wanto to disable the signature: SID 119-19 with: 119 is a generator ID 19 is the SID I suppose in oinkmaster.conf I have to add the line: disablesid 19 but this line disables all SID 19 signatures as: sid: 19; gid: 119; sid: 19; gid: 122; sid: 19; gid: 133; Or what can I do to disable just sid: 19; gid: 119; and not the rest ??? Thanks a lot JeLo On Wed, Dec 29, 2010 at 2:32 PM, Weir, Jason <jason.weir () nhrs org> wrote:
In your oinkmaster.conf file use the disablesid\enablesid\modifysid functions to control rule state.. -Jason-----Original Message----- From: J. L. Cabral [mailto:jelocabral () gmail com] Sent: Wednesday, December 29, 2010 12:17 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Disabling Snort signatures with Oinkmster Dear, I have Snort 2.9 running with some signatures disabled from the rules I download via Oinkmaster. The problem is that every time Oinkmaster download new rules, the signatures I've disables with "#" become enable again. How can I do to tell Oinkmaster not to disable some signatures I choose ??? Thanks a lot, JeLo_____________________________________________________________________________________________ Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 29)
- Re: Disabling Snort signatures with Oinkmster John Gay (Dec 29)
- Re: Disabling Snort signatures with Oinkmster Weir, Jason (Dec 29)
- Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)
- Re: Disabling Snort signatures with Oinkmster waldo kitty (Dec 30)
- Re: Disabling Snort signatures with Oinkmster J. L. Cabral (Dec 30)