[Snort-users] More problems with pulledpork 0.6.0

JJC cummingsj at ...11827...
Fri Apr 1 11:26:10 EDT 2011


Ok, I see the problem... PP has no way of knowing that the rules you are
putting on your custom-url-server are ET rules (it determines if it's VRT or
ET based on the source url), thus the other errors (in your bug) that you
are reporting and the behavior that you see.  If you remove the ET- from
your dropsid and disablesid config.  I will be publishing a bugfix today for
that (0.6.1) that will fix both issues, but require you to use
Custom-<category> when retrieving from a purely custom url, such as you are
doing.

JJC

On Fri, Apr 1, 2011 at 9:03 AM, JJC <cummingsj at ...11827...> wrote:

> Please also comment out the modifysid.conf line also... more info to come
>
> JJC
>
>
> On Fri, Apr 1, 2011 at 9:03 AM, carlopmart <carlopmart at ...11827...> wrote:
>
>> On 04/01/2011 04:59 PM, JJC wrote:
>>
>>> I"ll have to dig into this more, a few quick notes though..
>>>
>>>    * Are you actually using the modifysid?
>>>    * Suricata does NOT have SO rules, so you don't need to define the
>>>      path to the suricata.yaml file
>>>
>>> I'll have to setup a local rules copy and try to mimic what you are
>>> doing.. will take just a bit.
>>>
>>> JJC
>>>
>>>
>> Ok, I have disabled config_path variable. I don't use modifysid option ...
>>
>> Thanks JJC.
>>
>>
>> --
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110401/222a67db/attachment.html>


More information about the Snort-users mailing list