[Snort-users] Disabling Rules via disablesid.conf
Vona, Steven A CIV NSWCCD Philadelphia, 10411
steven.vona at ...7622...
Thu Feb 5 15:47:40 EST 2015
I have Snort running on a few sensors around our network. We have subscriptions for the rules and we use pulledpork to download the rules daily.
I am not attempting to turn the rules a little bit to disable some items that we do not need to see. I put these in disablesid.conf file and when I run pulled pork I see:
Modified 2 rules
So it looks like it is disabling the rule, however I am still receiving alerts for the rule in my database.
,,_ -*> Snort! <*-
o" )~ Version 18.104.22.168 GRE (Build 77)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.3.0
Using PCRE version: 7.8 2008-09-05
Using ZLIB version: 1.2.3
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5607 bytes
Desc: not available
More information about the Snort-users