[Snort-sigs] SnortSAM + Oinkmaster

Andreas Östling andreaso at ...58...
Thu Aug 5 12:15:01 EDT 2004


If I understand you correctly you want to add "fwsam: src, X minutes" to 
some rule(s), and make sure it stays there even when updating the rules?
Then use "modifysid". Here is an example to add 10 minutes fwsam stuff to
the end of SID 1234:

modifysid 1234 "\)$" | "fwsam: src, 10 minutes;)"

There is some documentation for modifysid in the default 
oinkmaster.conf.

/Andreas


On Thu, 5 Aug 2004, Gustavo wrote:

> What is the way I need to set up Oinkmaster when I work with snortsam and 
> some rules I have have the "fwsam: src, X minutes" at the end of the rule?
> 
> Can anyone who has already made it work help me?
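
Added example, not part of the original post and not Oinkmaster's own code (Oinkmaster is Perl and applies modifysid itself): a Python model of the substitution above, plus a post-update check that every SID expected to carry the fwsam option still ends with it. The function names, the sample rules and SIDs 1235 and 1236 are constructed assumptions.

```python
import re

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
# An fwsam option sitting directly before the rule's closing parenthesis.
FWSAM_RE = re.compile(r"fwsam:\s*[^;]+;\s*\)\s*$")

def modifysid(rule, sid, what, repl):
    """Model of: modifysid SID "what" | "repl" (one regex substitution on that SID's rule)."""
    m = SID_RE.search(rule)
    if m and int(m.group(1)) == sid:
        # lambda keeps the replacement literal (no backslash/group expansion)
        return re.sub(what, lambda _: repl, rule, count=1)
    return rule

def missing_fwsam(rules, expected_sids):
    """Return expected SIDs with no active rule ending in an fwsam option."""
    tagged = set()
    for line in rules:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or disabled rule: SnortSam never sees it
        m = SID_RE.search(line)
        if m and FWSAM_RE.search(line):
            tagged.add(int(m.group(1)))
    return sorted(set(expected_sids) - tagged)

# Constructed rules standing in for a freshly downloaded rules file.
FRESH = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
    '(msg:"constructed rule A (with paren)"; content:"foo"; sid:1234; rev:3;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 25 '
    '(msg:"constructed rule B"; sid:1235; rev:1;)',
    '#alert tcp $EXTERNAL_NET any -> $HOME_NET 21 '
    '(msg:"constructed rule C, disabled"; sid:1236; rev:1;)',
]

def run_update(rules):
    """Apply the substitution from the post to every rule, as an update run would."""
    return [modifysid(r, 1234, r"\)$", "fwsam: src, 10 minutes;)") for r in rules]

if __name__ == "__main__":
    updated = run_update(FRESH)
    print(updated[0])
    print("SIDs still missing fwsam:", missing_fwsam(updated, [1234, 1235, 1236]))
```

Because `\)$` is anchored to the end of the line, the parenthesis inside the `msg` text is left alone and only the rule's closing one is rewritten.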



