[Snort-users] More problems with pulledpork 0.6.0

carlopmart carlopmart at ...11827...
Fri Apr 1 10:45:36 EDT 2011


On 04/01/2011 04:39 PM, JJC wrote:
> Using your exact settings (for disablesid and dropsid) I am not able to
> reproduce the issue.
>
> Rule Stats....
>          New:-------0
>          Deleted:---0
>          Enabled Rules:----3509
>          Dropped Rules:----1799
>          Disabled Rules:---10211
>          Total Rules:------15519
>          Done
>
> Do you have an ips_policy value specified in your pulledpork.conf file?
>   Can you provide to me your pulledpork.conf file and the runtime
> options that you are using?
>
> JJC
>

I didn't have specified an ips policy. My pulledpork.conf:

# My custom downloaded rules
rule_url=http://mymirror.local.net/suricatasigs/|et.tar.gz|open

# Paths defined
temp_path=/tmp
rule_path=/data/config/etc/suricata-inet/rules/all.rules
local_rules=/data/config/etc/snort-common/rules/local.rules
sid_msg=/data/config/etc/suricata-inet/sid-msg.map
sid_changelog=/tmp/sid_changes_inet.log


# Params for so_rules
config_path=/data/config/etc/suricata-inet/suricata.yaml


# Backup options
backup=/data/config/etc/suricata-inet/rules/all.rules
backup_file=/data/config/etc/ids-common/backup_rules/pp_ips-inet


# Miscellaneous options
enablesid=/data/config/etc/suricata-inet/pulledpork/enablesid.conf
dropsid=/data/config/etc/suricata-inet/pulledpork/dropsid.conf
disablesid=/data/config/etc/suricata-inet/pulledpork/disablesid.conf
modifysid=/data/config/etc/suricata-inet/pulledpork/modifysid.conf
version=0.6.0

And my command line: "pulledpork.pl -c 
/data/config/etc/suricata-inet/pulledpork/pulledpork.conf -d l"

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




More information about the Snort-users mailing list