[Snort-sigs] oinkmaster and so rules.. FAQ broken?

Martin Holste mcholste at ...2420...
Wed Feb 9 11:51:25 EST 2011


> if that is the case, then I won't even look at pulled port.
> we have multiple snorts running in multiple hosts.
> on one host, one snort_lan.conf could have different rulesets than
> snort_wan.conf.
>

I would think that makes PP perfect for you--as your actual
snort.conf's would change the least per-instance.  Just rename
snort.rules to wan.rules (or whatever).  How have you been disabling
certain sids in certain rules files on different instances?  I would
assume you've been using different directories for that.  So how would
that be different than different snort.rules files existing in
different directories?




More information about the Snort-sigs mailing list