[Snort-users] Commented out rules.

SnortFan SnortFan at ...131...
Sat Dec 21 09:04:42 EST 2013


Thanks Y M and Joel,
    That worked!

Ed

Sent from a mobile device. 

> On Dec 20, 2013, at 2:15 PM, Y M <snort at ...15979...> wrote:
> 
> You can specify protocol-voip in your enablesid.conf instead of individually listing sids. The enablesid.conf file has documentation of what can be used to enable rules, categories, etc.
> 
> As for the snort.rules file, it depends. If you use the -E with your pulledpork command, then only the enabled rules will be there. If not, then all of the rules, including the disabled ones, will be there.
> 
> YM
> 
> > From: SnortFan at ...131...
> > Date: Fri, 20 Dec 2013 14:03:02 -0500
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Commented out rules.
> > 
> > I've noticed after pulling rules via pulled pork there are a lot of rules disabled that are not in a policy group. Does that mean I would need to list them individually in the enablesid.conf? I'm trying to turn on all VoIP rules. I have them enabled in my snort.conf but most of them are commented out in the snort.rules file.
> > 
> > Also, are all the rules in the snort.rules file as opposed to separate rules files?
> > 
> > Thanks,
> > Ed
> > 
> > Sent from a mobile device. 
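A check for the situation discussed in this thread, as an added example that is not part of the original messages or of PulledPork: it scans snort.rules-style text and reports, per category, which rules are active and which are commented out, so a change to enablesid.conf can be verified after the next run. It assumes the category is the first word of each rule's msg (as in PROTOCOL-VOIP) and that a disabled rule is a rule line prefixed with `#`; the sample rules and SIDs are constructed.

```python
import re

# Constructed sample in snort.rules layout. SIDs and messages are made up.
SAMPLE_RULES = '''\
# ----- constructed sample, not real rule content -----
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"PROTOCOL-VOIP constructed sample A"; sid:1000001; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"PROTOCOL-VOIP constructed sample B"; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"PROTOCOL-VOIP constructed sample C"; sid:1000003; rev:2;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SERVER-WEBAPP constructed sample D"; sid:1000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SERVER-WEBAPP constructed sample E"; sid:1000005; rev:1;)
# This is an ordinary comment, not a disabled rule.
'''

# A rule line starts with an action keyword; an optional leading '#' means disabled.
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+.*\(.*\)\s*$')
MSG_RE = re.compile(r'msg:\s*"([^"\s]+)')   # first word of msg = category (assumption)
SID_RE = re.compile(r'\bsid:\s*(\d+)')

def parse_rules(text):
    """Return one dict per rule line: sid, category, enabled."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if not (m and msg and sid):
            continue  # plain comment, blank line, or unparseable rule
        rules.append({"sid": int(sid.group(1)),
                      "category": msg.group(1),
                      "enabled": m.group("off") is None})
    return rules

def summarize(rules):
    """Count enabled and disabled rules per category."""
    counts = {}
    for r in rules:
        c = counts.setdefault(r["category"], {"enabled": 0, "disabled": 0})
        c["enabled" if r["enabled"] else "disabled"] += 1
    return counts

def disabled_sids(rules, category):
    """SIDs in the given category that are still commented out."""
    return [r["sid"] for r in rules if r["category"] == category and not r["enabled"]]

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for cat, c in sorted(summarize(parsed).items()):
        print(f"{cat}: {c['enabled']} enabled, {c['disabled']} disabled")
    print("Still disabled in PROTOCOL-VOIP:", disabled_sids(parsed, "PROTOCOL-VOIP"))
```

To audit a real file, pass its contents to `parse_rules` in place of `SAMPLE_RULES`.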