[Snort-users] PulledPork 0.7.0 not parsing enablesid, disablesid, modifysid or threshold.conf files when there are no rule updates

James Lay jlay at ...13475...
Fri Aug 29 15:55:42 EDT 2014


On 2014-08-29 13:43, Weir, Jason wrote:
> I'm testing PP 0.7.0 and seeing what looks like a bug but want to
> confirm it's not a config issue on my end.
>
> As I tune the sensor I add entries in each of the config files
> (enablesid,disablesid,modifysid conf files) and then run pulledpork
> and restart snort
>
> /usr/local/bin/pulledpork.pl -c /usr/local/etc/snort/pulledpork.conf
> -vv
<bleh>
> Fly Piggy Fly!
>
> Next if I go into disablesid.conf and add another entry and re-run pp
> I get the same output as the first run - the new entry in
> disablesid.conf doesn't get parsed or disabled in the snort.rules
> file.
>
> Any ideas?
>
> Jason


Run it with -P:

-P Process rules even if no new rules were downloaded

James




More information about the Snort-users mailing list