[Snort-users] [Emerging-Sigs] (no subject)
wkitty42 at ...14940...
Tue Nov 30 19:22:09 EST 2010
On 11/30/2010 18:12, Jun Wan wrote:
> Hi Waldo,
> I use "skipfile emerging.conf" instead as I can't find the "ignore this file"
> section in oinkmaster.
that's it! i was coming off of a 12 hour shift when i wrote that... there's
several of those entries pretty close together and that was what i was
referencing... i'm glad you found it ;)
> I checked emerging.conf this morning, all the modified/enabled rules seem to be
> retained , that' good.
> Many thanks
you are welcome ;)
> > Date: Mon, 29 Nov 2010 20:29:39 -0500
> > From: wkitty42 at ...14940...
> > To: junwei_wan at ...125...
> > CC: snort-users at lists.sourceforge.net; emerging-sigs at ...14333...
> > Subject: Re: [Emerging-Sigs] (no subject)
> > On 11/29/2010 05:36, Jun Wan wrote:
> > > I think this may be because Oinkmaster downloads emerging.conf at 2:00
> > > morning, so it overwrites the one I configured before, my questions
> > >
> > > 1.) Is this the right way for Snort to use ET rules by modifying the
> > > emerging.conf as above (removing # from rules of virus, trojan, p2p etc) ?
> > >
> > > 2.) How can I keep the modified emerging.conf from being overwritten to
> > > downloaded one from ET?
> > >
> > > Any information and help would be much appreciated.
> > just add emerging.conf to the oinkmaster "ignore this file" section and it
> > be overwritten... there are several that oinkmaster is told to ignore...
> > local.rules is one example ;)
More information about the Snort-users