Re: oinkmaster and so rules.. FAQ broken?

[Edward Fjellskål <edwardfjellskaal () gmail com>]

> one such reason that i'm aware, and i think i have talked with the pulledpork
> maintainer about it, is the merging of all rules files into one rules file...
> that is just not an option in our environment... management of individual rules
> sets via the snort.conf is much easier handled with the distributed multiple
> rules files... but this is quite possibly also a limitation of certain tools
> used to manage the rules sets... i've not dug deeper into it because of the
> corporate and local limits in place...

Thats just one of the reasons I would not use pulledpork...

One can solve this like I did:
https://github.com/gamelinux/polman/blob/180148b57a60900505a69579816f54c43f0e8901/Polman/Sensor.pm
Check out the code between line 549 and 596.
You need to preserve the "filename" (category) from where the rule was
picked up when parsing the rulefiles.
Then you can write them out to the original named rulefile again.

JJ Cummings ---^


E

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org