[Snort-users] Syntax for "ignore=" in Pulledpork

Stark, Vernon L. Vernon.Stark at ...383...
Wed Nov 13 12:01:36 EST 2013


What syntax is required with the "ignore=" line in Pulledpork (0.7.0) when ignoring selected Emerging Threats rules?  For example, if one wants to ignore chat.rules from the Emerging Rules set, what syntax is required?  I tried all of the following and yet "ET CHAT" rules still end up in snort.rules in the enabled state.

ignore=emerging-chat.rules

ignore=ET-chat.rules

ignore=emerging-chat

ignore=ET-chat

I have recent rule downloads, so I've been using the following:

./pulledpork.pl -c pulledpork.conf -n -P -E

Vern
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131113/5df685ec/attachment.html>


More information about the Snort-users mailing list