[Snort-users] quick question about snort.conf

Peter Bates peter.bates at ...15381...
Wed Oct 24 06:41:36 EDT 2012


Hello all

On 23/10/2012 23:06, Jeremy Hoel wrote:
> The rules file you get still has all the rules in the little groups.
> That's still the official way.

I've mentioned this before - but for the acolyte/Snort beginner
it might be more useful if the snort.conf in the tarball didn't 'include'
a load of rule files that don't actually ship in the tarball itself.

I know very well *why* the rules are not included - but as it stands,
if you download Snort you are faced with a bunch of errors, primarily because
it has references to files you're meant to acquire by another route.

The default snort.conf comments out the preprocessor rules (which are
in the tarball) and the SO rules - so why not comment out the standard rules lines
- or include 'local.rules' and comment out the rest?

Or why not generate combined tarballs for registered/subscription users 
that contain the source and rules to get people started?

This problem seems to pop up from time to time - combined with when a new Snort is released
and there are no SO rules for registered users until the 30 day limit is reached.

If we've been doing this for a while then we understand the reasons and know
the solutions - I was just trying to be Devil's Advocate and reduce
new user confusion.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT
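
The workaround discussed above, as an added example that is not part of the original message or of the Snort distribution: a shell function that comments out every `include $RULE_PATH/...` line in a snort.conf whose rule file is not present in the rules directory. The function name, the sample config and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from Snort): print a copy of snort.conf in which every
# "include $RULE_PATH/<file>" line is commented out when <file> is missing.
# Only lines that start exactly with 'include $RULE_PATH/' are examined;
# already-commented or indented lines pass through unchanged.
# Usage: prune_includes <snort.conf> <rules_dir>   (result goes to stdout)
prune_includes() {
    conf=$1
    rules_dir=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'include $RULE_PATH/'*)
                file=${line#'include $RULE_PATH/'}
                file=${file%% *}        # drop anything after the first space
                if [ -f "$rules_dir/$file" ]; then
                    printf '%s\n' "$line"
                else
                    printf '# %s\n' "$line"
                fi
                ;;
            *)
                printf '%s\n' "$line"
                ;;
        esac
    done < "$conf"
}

# Constructed sample: a rules directory that holds only local.rules and a
# three-include config, as a fresh install without a rules package would have.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/rules"
    : > "$tmp/rules/local.rules"
    cat > "$tmp/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
EOF
    prune_includes "$tmp/snort.conf" "$tmp/rules"
    rm -rf "$tmp"
}

demo
```

Redirect the output to a new file and review it before replacing the original snort.conf.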

