[Snort-users] Only local.rules

Nicholas Horton fivetenets at ...14399...
Wed Jun 12 21:08:55 EDT 2013


I have a live snort box but I I am trying to test barnyard performance over the wan. I have a ping rule in local.rules where I listen to a unique IP address. 

As that pings I use the u2spewfu and odlaw to check the performance over 5 mins.

After this test I want to go back to a full functioning snort box.

What I did was copy snort.conf into testsnort.conf and cut out section 5 of the config file.

Run snort manually using the testsnort.conf and after the test delete it and start up snort using service snortd start.

Seemed to work.

Nick

On Jun 12, 2013, at 8:48 PM, Joel Esler <jesler at ...1935...> wrote:

> Don't download any rules in the first place?
> 
> 
> --
> Joel Esler
> Sent from my iPad
> 
> On Jun 12, 2013, at 12:15 PM, Nicholas Horton <fivetenets at ...14399...> wrote:
> 
>> What's the easiest way to disable all rules (preprocessor, text, so, etc) and only use the local.rules file?
>> 
>> Nick
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>> 
>> Build for Windows Store.
>> 
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list