[Snort-users] Commented out rules.

Y M snort at ...15979...
Fri Dec 20 14:15:54 EST 2013

You can specify protocol-voip in your enablesid.conf instead of individually listing sids. The enablesid.conf file has documentation of what can be used to enable rules, categories, etc.
As for the snort.rules file, it depends. If you use the -E with your pulledpork command, then only the enabled rules will be there. If not, then all of the rules, including the disabled ones will be there.

> From: SnortFan at ...131...
> Date: Fri, 20 Dec 2013 14:03:02 -0500
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Commented out rules.
> I've noticed after pulling rules via pulled pork there are a lot of rules disabled that are not in a policy group. Does that mean I would need to list them individually in the enablesid.conf ?  I'm trying to turn on all VoIP rules. I have them enabled in my snort.conf but most of them are
> Commented out in the snort.rules file. 
> Also are all the rules in the snort.rules files as opposed to separate rules files?
> Thanks,
> Ed
> Sent from a mobile device. 
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131220/4a91b722/attachment.html>

More information about the Snort-users mailing list