[Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)

Joel Esler jesler at ...1935...
Fri Feb 3 09:22:26 EST 2012


The correct way of doing it, actually, is to use the disablesid.conf file in pulledpork and disable the sid.  That way the comment will transverse updates.

J

On Feb 3, 2012, at 9:19 AM, Lawrence R. Hughes, Sr. wrote:

> Joel,
>  
> That does not work, it did not work in 2.8.6.1 or 2.9.2.0.
> The only way to disable them is to hash out the snort.conf file for that so_rule and that is not an answer either?
>  
> Thanks,
> Larry
>  
> ----- Original Message -----
> From: Joel Esler
> To: Lawrence R. Hughes, Sr.
> Cc: JJ Cummings ; snort-users at lists.sourceforge.net
> Sent: Thursday, February 02, 2012 8:14 PM
> Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)
> 
> If you comment the rule out in the stub file as JJ suggested, it should turn the rule off.  
> 
> --
> Joel Esler
> 
> On Feb 2, 2012, at 6:25 PM, "Lawrence R. Hughes, Sr." <lhughes at ...14972....> wrote:
> 
>> no, that does not work, infact this is what the p2p.rules header says:
>> # Autogenerated skeleton rules file.  Do NOT edit by hand
>>  
>>  
>> ----- Original Message -----
>> From: JJ Cummings
>> To: Lawrence R. Hughes, Sr.
>> Cc: <snort-users at lists.sourceforge.net>
>> Sent: Thursday, February 02, 2012 6:21 PM
>> Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)
>> 
>> #
>> 
>> 
>> Sent from the iRoad
>> 
>> On Feb 2, 2012, at 18:05, "Lawrence R. Hughes, Sr." <lhughes at ...14822...> wrote:
>> 
>>> Hi,
>>>  
>>> I want to disable alerts for sid:7019 gid:3 (under p2p.rules in so_rules) how would I turn off that single rule?
>>>  
>>> Thanks,
>>> Larry
>>>  
>>> ------------------------------------------------------------------------------
>>> Keep Your Developer Skills Current with LearnDevNow!
>>> The most comprehensive online learning library for Microsoft developers
>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>>> Metro Style Apps, more. Free future releases when you subscribe now!
>>> http://p.sf.net/sfu/learndevnow-d2d
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> ------------------------------------------------------------------------------
>> Keep Your Developer Skills Current with LearnDevNow!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-d2d
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120203/f36e5278/attachment.html>


More information about the Snort-users mailing list