[Snort-users] quick question about snort.conf

Joel Esler jesler at ...1935...
Wed Oct 24 11:12:21 EDT 2012


We are currently working on a solution that should solve this issue.

On Oct 24, 2012, at 6:41 AM, Peter Bates <peter.bates at ...15381...> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hello all
> 
> On 23/10/2012 23:06, Jeremy Hoel wrote:
>> The rules file you get still has all the rules in the little groups.
>> That's still the official way.
> 
> I've mentioned this before - but for the acolyte/Snort beginner
> it might be more useful if the snort.conf in the tarball didn't 'include'
> a load of rule files that don't actually ship in the tarball itself.
> 
> I know very well *why* the rules are not included - but as it stands
> if you download Snort and are faced with a bunch of errors primarily because
> it has references to files you're meant to acquire by another route.
> 
> The default snort.conf comments out the preprocessor rules (which are 
> in the tarball) and the SO rules - so why not comment out the standard rules lines
> - - or include 'local.rules' and comment out the rest?
> 
> Or why not generate combined tarballs for registered/subscription users 
> that contain the source and rules to get people started?
> 
> This problem seems to pop up from time to time - combined with when a new Snort is released
> and there are no SO rules for registered users until the 30 day limit is reached.
> 
> If we've been doing this for a while then we understand the reasons and know
> the solutions - I was just trying to be Devil's Advocate and reduce
> new user confusion.
> 
> - -- 
> Peter Bates
> Senior Information Security Officer   Phone: +44(0)2076792049
> Information Services Division	      Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> 
> iQEcBAEBAgAGBQJQh8XgAAoJELhVoVpEMS6RIrgH/Rd3IJOHVhKpKmsLR7Hjalwy
> tjNTzOwNvpYdLkLvBrOBPOLjblDA3V6TqmFFKOtafox6EXyjSBePGK7hI3pRwUe3
> kEuGBmtkY1TwdivYCKQBdSboLlDB34seddksN37GtqFVSM040gDA3NUGynXONnHD
> T0AYJkgmDegAaTw31a2F+INYt7m5ccmWDTpnIAdT1iz08Imrxqfr9GJIGYtxaaOL
> wigFBUy7e+wpdRuCGEnUuEbCM+ch6uaZqn/wqzql/gZNUMmFtAlwt7/zo4UCcL5X
> 1vX7t8sTFVCW3NyZZOrryHJJJgGXmv7/uuZwbMB4qck/+i2OOrSS0Kj9ZC+HS6o=
> =Va32
> -----END PGP SIGNATURE-----
> 
> 
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list