[Snort-users] Snort / Pulled Pork Confusion

Lay, James james.lay at ...15009...
Wed Oct 3 17:11:04 EDT 2012



From: Turnbough, Bradley E. [mailto:bturnbough at ...15650...] 
Sent: Wednesday, October 03, 2012 2:59 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort / Pulled Pork Confusion




I'm having a little trouble wrapping my head around the snort and pulled
pork interaction.  In the snort.conf file, the following rules are
defined (by default):






You have to run it with:


   -k Keep the rules in separate files (using same file names as found when reading)


Caveat is that it will rename the files...VRT-*.rules for official Snort
rules, and ET-.*.rules for ET rules.  If you're only running one
instance I would recommend just going with the snort.rules file, and
then adding any rulesets you don't want to use in the ignore= option in
your pulledpork.conf.  Hope that helps.


