[Snort-users] How to enable ALL rules when Pulledpork is ran?

Shirkdog shirkdog at ...11827...
Mon Feb 8 10:02:33 EST 2016


I did not get a chance to respond to Michael's off-list email, I had
forgotten I came up with trick, and I will add it to the
enablesid.conf file so it is never forgotten :)

---
Michael Shirk


On Mon, Feb 8, 2016 at 9:51 AM, Y M <snort at ...15979...> wrote:
> Add "pcre:." minus the quotes to your enablesid.conf, thanks to shirkdog,
> mentioning it some time back.
>
> YM
>
> Sent from Mobile
>
>
>
>
> On Mon, Feb 8, 2016 at 6:41 AM -0800, "Michael Steele"
> <michaels at ...9077...> wrote:
>
> I’m trying to figure out how to activate all the rules (for temp testing
> purposes) when PP is ran.
>
>
>
> I’m using the –nPT as the switches when I run PP on a ruleset that is
> current.
>
>
>
> All rules are located in the snort.rules file.
>
>
>
> Everything is processing normally using the ips_policy=security switch.
>
>
>
> Thanks…
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list