[Snort-users] tuning sigs priority with modifysid

Stephen Nesman nesman at ...11827...
Tue Oct 31 12:00:54 EST 2006

I made this note when I last changed a priority on an existing rule:

# NOTE: existing cached entries need to be removed from snort.signaturesafter
#       running oinkmaster and restarting snort:
#       select * from signature where signature.sig_sid=[sig#]
#       delete from signature where signature.sig_id=[sig_id# from select]

On 10/30/06, martin <martin3 at ...11827...> wrote:
> I do something like:
> modifysid 4156 "sid:4156;" | "sid:4156; priority:3;"
> in oinkmaster.conf to change a priority of a signature. Then I restart
> everything. Check the rules files. Everything good. However the alert
> still comes ing at priority 1.
> I am using Mysql. Do i need to change the database entry too??
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061031/1cb30f46/attachment.html>

More information about the Snort-users mailing list