[Snort-users] quick question about snort.conf
jesler at ...1935...
Wed Oct 24 11:12:21 EDT 2012
We are currently working on a solution that should solve this issue.
On Oct 24, 2012, at 6:41 AM, Peter Bates <peter.bates at ...15381...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hello all
> On 23/10/2012 23:06, Jeremy Hoel wrote:
>> The rules file you get still has all the rules in the little groups.
>> That's still the official way.
> I've mentioned this before - but for the acolyte/Snort beginner
> it might be more useful if the snort.conf in the tarball didn't 'include'
> a load of rule files that don't actually ship in the tarball itself.
> I know very well *why* the rules are not included - but as it stands
> if you download Snort and are faced with a bunch of errors primarily because
> it has references to files you're meant to acquire by another route.
> The default snort.conf comments out the preprocessor rules (which are
> in the tarball) and the SO rules - so why not comment out the standard rules lines
> - - or include 'local.rules' and comment out the rest?
> Or why not generate combined tarballs for registered/subscription users
> that contain the source and rules to get people started?
> This problem seems to pop up from time to time - combined with when a new Snort is released
> and there are no SO rules for registered users until the 30 day limit is reached.
> If we've been doing this for a while then we understand the reasons and know
> the solutions - I was just trying to be Devil's Advocate and reduce
> new user confusion.
> - --
> Peter Bates
> Senior Information Security Officer Phone: +44(0)2076792049
> Information Services Division Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
More information about the Snort-users