[Snort-users] Commented out rules.

Joel Esler (jesler) jesler at ...589...
Fri Dec 20 14:07:19 EST 2013


On 12/20/13, 2:03 PM, "SnortFan" <SnortFan at ...131...> wrote:

>I've noticed after pulling rules via pulled pork there are a lot of rules
>disabled that are not in a policy group. Does that mean I would need to
>list them individually in the enablesid.conf ?  I'm trying to turn on all
>VoIP rules. I have them enabled in my snort.conf but most of them are
>Commented out in the snort.rules file.

You¹d need to at the rule file to enablesid.conf in pulledpork.  That will
turn them on by default when your run pulledpork.


> 
>
>Also are all the rules in the snort.rules files as opposed to separate
>rules files?

Yes, they are.  This is the way that pulledpork works.

--
Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team
New Email: jesler at ...589...





More information about the Snort-users mailing list