[Snort-users] Disabling rules without touching the originals
bmc at ...950...
Thu Jan 3 08:00:03 EST 2002
According to Marcus Spading:
> * Andreas Östling <andreaso at ...236...> [020103 07:36]:
> > > Is commenting out a rule or changing the vars in a rule so it doesnt match
> > > anymore really the only way to archive this? How do you guys update and
> > > organize your rulesets then?
> > I don't know if its going to help you, but I wrote a little script
> > (http://nitzer.dhs.org/oinkmaster/) to help me updating to the latest
> > rules and disable the unwanted ones (by #commenting in the actual rules
> > files). You could always give it a try if you want.
> Thanks. I will have at look at it. Maybe it does what I want, but
> commenting out rules I do not want isn't the way I wanted to go.
Why? If you want to disable the signature, then commenting it out
will speed up snort and it will make sure that other signatures that
come after the signature you disable will still fire.
Yeah, well, uh, just keep your Power Gloves off her, pal, huh?
More information about the Snort-users