[Snort-users] Disabling rules without touching the originals
andreaso at ...236...
Wed Jan 2 02:32:07 EST 2002
On Wed, 2 Jan 2002, Marcus Spading wrote:
> Is commenting out a rule or changing the vars in a rule so it doesnt match
> anymore really the only way to archive this? How do you guys update and
> organize your rulesets then?
I don't know if its going to help you, but I wrote a little script
(http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest
rules and disable the unwanted ones (by #commenting in the actual rules
files). You could always give it a try if you want.
(It's getting kind of old now though, and I'm currently modifying it to
also update the SID map etc...)
More information about the Snort-users