[Snort-users] Snort / Pulled Pork Confusion
james.lay at ...15009...
Wed Oct 3 17:11:04 EDT 2012
From: Turnbough, Bradley E. [mailto:bturnbough at ...15650...]
Sent: Wednesday, October 03, 2012 2:59 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort / Pulled Pork Confusion
I'm having a little trouble wrapping my head around the snort and pulled
pork interaction. In the snort.conf file, the following rules are
defined (by default):
You have to run it with:
-k Keep the rules in separate files (using same file names as found
Caveat is that it will rename the files...VRT-*.rules for official Snort
rules, and ET-.*.rules for ET rules. If you're only running one
instance I would recommend just going with the snort.rules file, and
then adding any rulesets you don't want to use in the ignore= option in
your pulledpork.conf. Hope that helps.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users