[Snort-users] [Emerging-Sigs] (no subject)

Jun Wan junwei_wan at ...125...
Tue Nov 30 18:12:32 EST 2010


Hi Waldo,
 
I use "skipfile emerging.conf" instead as I can't find the "ignore this file" section in oinkmaster. 
I checked emerging.conf this morning, all the modified/enabled rules seem to be retained , that' good.
 
Many thanks
 
Regards
 
John  

 
> Date: Mon, 29 Nov 2010 20:29:39 -0500
> From: wkitty42 at ...14940...
> To: junwei_wan at ...125...
> CC: snort-users at lists.sourceforge.net; emerging-sigs at ...14333...
> Subject: Re: [Emerging-Sigs] (no subject)
> 
> On 11/29/2010 05:36, Jun Wan wrote:
> > I think this may be because Oinkmaster downloads emerging.conf at 2:00 am every
> > morning, so it overwrites the one I configured before, my questions would be:
> >
> > 1.) Is this the right way for Snort to use ET rules by modifying the
> > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
> >
> > 2.) How can I keep the modified emerging.conf from being overwritten to a new
> > downloaded one from ET?
> >
> > Any information and help would be much appreciated.
> 
> just add emerging.conf to the oinkmaster "ignore this file" section and it won't 
> be overwritten... there are several that oinkmaster is told to ignore... 
> local.rules is one example ;)
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101130/b398eeb5/attachment.html>


More information about the Snort-users mailing list