[Snort-users] [Emerging-Sigs] (no subject)
junwei_wan at ...125...
Tue Nov 30 18:12:32 EST 2010
I use "skipfile emerging.conf" instead as I can't find the "ignore this file" section in oinkmaster.
I checked emerging.conf this morning, all the modified/enabled rules seem to be retained , that' good.
> Date: Mon, 29 Nov 2010 20:29:39 -0500
> From: wkitty42 at ...14940...
> To: junwei_wan at ...125...
> CC: snort-users at lists.sourceforge.net; emerging-sigs at ...14333...
> Subject: Re: [Emerging-Sigs] (no subject)
> On 11/29/2010 05:36, Jun Wan wrote:
> > I think this may be because Oinkmaster downloads emerging.conf at 2:00 am every
> > morning, so it overwrites the one I configured before, my questions would be:
> > 1.) Is this the right way for Snort to use ET rules by modifying the
> > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
> > 2.) How can I keep the modified emerging.conf from being overwritten to a new
> > downloaded one from ET?
> > Any information and help would be much appreciated.
> just add emerging.conf to the oinkmaster "ignore this file" section and it won't
> be overwritten... there are several that oinkmaster is told to ignore...
> local.rules is one example ;)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users