[Snort-users] oinkmaster

Nicholas Bernstein nick at ...10668...
Wed Dec 3 13:24:02 EST 2003


It seems that oinkmaster.pl decided it's running with the -e option, as
it is enabling all of the rules that I disable. As you can imagine, this
makes for a *lot* of that snort it picking up, and generally makes
maintenance a nightmare. 

I use includes in my snort.cf (i.e. include bad-traffic.rules). I'm
running it as 
        
        "/usr/local/bin/oinkmaster.pl -q -b /etc/snort.last/ -o /etc/snort/"

is there something I'm doing wrong? 

Thanks!
Nick
-- 
+---------------------------------------------------------------+
| Nicholas Bernstein            | nick at ...10668...             |
| UNIX Systems Administrator    | http://www.docmagic.com       |
| Document Systems Inc.         |  				|
| gpg: F706 8C4E 78FA DDDD 53A0 019F D983 FE28 2002 D1F3	|
+---------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031203/b106c09a/attachment.sig>


More information about the Snort-users mailing list