[Snort-users] More problems with pulledpork 0.6.0

JJC cummingsj at ...11827...
Fri Apr 1 10:59:16 EDT 2011


I'll have to dig into this more, a few quick notes though..

   - Are you actually using the modifysid?
   - Suricata does NOT have SO rules, so you don't need to define the path
   to the suricata.yaml file

I'll have to set up a local rules copy and try to mimic what you are doing..
will take just a bit.

JJC

On Fri, Apr 1, 2011 at 8:45 AM, carlopmart <carlopmart at ...11827...> wrote:

> On 04/01/2011 04:39 PM, JJC wrote:
>
>> Using your exact settings (for disablesid and dropsid) I am not able to
>> reproduce the issue.
>>
>> Rule Stats....
>>         New:-------0
>>         Deleted:---0
>>         Enabled Rules:----3509
>>         Dropped Rules:----1799
>>         Disabled Rules:---10211
>>         Total Rules:------15519
>>         Done
>>
>> Do you have an ips_policy value specified in your pulledpork.conf file?
>>  Can you provide to me your pulledpork.conf file and the runtime
>> options that you are using?
>>
>> JJC
>>
>>
> I didn't specify an ips policy. My pulledpork.conf:
>
> # My custom downloaded rules
> rule_url=http://mymirror.local.net/suricatasigs/|et.tar.gz|open
>
> # Paths defined
> temp_path=/tmp
> rule_path=/data/config/etc/suricata-inet/rules/all.rules
> local_rules=/data/config/etc/snort-common/rules/local.rules
> sid_msg=/data/config/etc/suricata-inet/sid-msg.map
> sid_changelog=/tmp/sid_changes_inet.log
>
>
> # Params for so_rules
> config_path=/data/config/etc/suricata-inet/suricata.yaml
>
>
> # Backup options
> backup=/data/config/etc/suricata-inet/rules/all.rules
> backup_file=/data/config/etc/ids-common/backup_rules/pp_ips-inet
>
>
> # Miscellaneous options
> enablesid=/data/config/etc/suricata-inet/pulledpork/enablesid.conf
> dropsid=/data/config/etc/suricata-inet/pulledpork/dropsid.conf
> disablesid=/data/config/etc/suricata-inet/pulledpork/disablesid.conf
> modifysid=/data/config/etc/suricata-inet/pulledpork/modifysid.conf
> version=0.6.0
>
> And my command line: "pulledpork.pl -c
> /data/config/etc/suricata-inet/pulledpork/pulledpork.conf -d l"
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>