[Snort-users] Snort / Pulled Pork Confusion

Lay, James james.lay at ...15009...
Wed Oct 3 17:11:04 EDT 2012

From: Turnbough, Bradley E. [mailto:bturnbough at ...15650...]
Sent: Wednesday, October 03, 2012 2:59 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort / Pulled Pork Confusion

Guys,

I'm having a little trouble wrapping my head around the snort and pulled
pork interaction.  In the snort.conf file, the following rules are
defined (by default):

Brad,

You have to run it with:

   -k Keep the rules in separate files (using same file names as found when reading)

Caveat is that it will rename the files...VRT-*.rules for official Snort
rules, and ET-.*.rules for ET rules.  If you're only running one
instance I would recommend just going with the snort.rules file, and
then adding any rulesets you don't want to use in the ignore= option in
your pulledpork.conf.  Hope that helps.

James
