[Snort-users] [Emerging-Sigs] (no subject)

waldo kitty wkitty42 at ...14940...
Tue Nov 30 19:22:09 EST 2010


On 11/30/2010 18:12, Jun Wan wrote:
 > Hi Waldo,
 >
 > I use "skipfile emerging.conf" instead as I can't find the "ignore this file"
 > section in oinkmaster.

that's it! i was coming off of a 12 hour shift when i wrote that... there's 
several of those entries pretty close together and that was what i was 
referencing... i'm glad you found it ;)

 > I checked emerging.conf this morning, all the modified/enabled rules seem to be
 > retained , that' good.

YAY!

 > Many thanks

you are welcome ;)

 >
 > Regards
 >
 > John
 >
 >
 >  > Date: Mon, 29 Nov 2010 20:29:39 -0500
 >  > From: wkitty42 at ...14940...
 >  > To: junwei_wan at ...125...
 >  > CC: snort-users at lists.sourceforge.net; emerging-sigs at ...14333...
 >  > Subject: Re: [Emerging-Sigs] (no subject)
 >  >
 >  > On 11/29/2010 05:36, Jun Wan wrote:
 >  > > I think this may be because Oinkmaster downloads emerging.conf at 2:00 
am every
 >  > > morning, so it overwrites the one I configured before, my questions 
would be:
 >  > >
 >  > > 1.) Is this the right way for Snort to use ET rules by modifying the
 >  > > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
 >  > >
 >  > > 2.) How can I keep the modified emerging.conf from being overwritten to 
a new
 >  > > downloaded one from ET?
 >  > >
 >  > > Any information and help would be much appreciated.
 >  >
 >  > just add emerging.conf to the oinkmaster "ignore this file" section and it 
won't
 >  > be overwritten... there are several that oinkmaster is told to ignore...
 >  > local.rules is one example ;)





More information about the Snort-users mailing list