[Snort-users] Disabling rules without touching the originals

Marcus Spading linuxnews at ...4432...
Wed Jan 2 23:45:10 EST 2002


* Andreas Östling <andreaso at ...236...> [020103 07:36]:
> > Is commenting out a rule or changing the vars in a rule so it doesnt match
> > anymore really the only way to archive this? How do you guys update and
> > organize your rulesets then?
> I don't know if its going to help you, but I wrote a little script
> (http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest
> rules and disable the unwanted ones (by #commenting in the actual rules
> files). You could always give it a try if you want.

Thanks. I will have at look at it. Maybe it does what I want, but
commenting out rules I do not want isn't the way I wanted to go. 

-- 
BNCU
Marcus




More information about the Snort-users mailing list