[Snort-users] select rules

McCammon, Keith Keith.McCammon at ...3497...
Thu Jun 13 10:46:04 EDT 2002


Rules can be called from an include, which tells Snort to follow the path to the rules file specified, and load it at initialization.  Rules can also be included in snort.conf directly.
 
If you want to deactivate a single rule within any list of rules, you can:
 
1) delete the rule and re-initialize Snort,
 
2) place a # in front of the rule, commenting it out, and re-initialize Snort, or
 
3) write a pass rule with the same properties in local.rules (or wherever you prefer), and re-initialize Snort with the -o option.
 
Cheers
 
Keith
 

-----Original Message-----
From: DoL [mailto:dwylau at ...6051...]
Sent: Thursday, June 13, 2002 1:30 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] select rules


Hi ALL
 
My understanding on rules is that "they are included in *.rules files".  But is there any way to deactivate / activate a particular rule instead of the whole .rules file?  Do I need to restart snort to make it effective?
 
Thanks
/dl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020613/cdf01049/attachment.html>


More information about the Snort-users mailing list