[Snort-users] snort3: snort_defaults.lua pattern to include custom rules files and the meaning of ips

Marcin Dulak marcin.dulak at ...11827...
Mon Feb 20 22:02:53 EST 2017


Hi,

snort3:
https://github.com/snortadmin/snort3/commit/a9f9bd38ced24da8196746074ef60a73d3bf0438
When I use the configuration below, /etc/snort/sample.rules gets loaded.

RULE_PATH = '../rules'

local_rules =
[[
include sample.rules
]]

ips =
{
    rules = local_rules,
}

How can I modify the configuration in order to achieve two goals:

1. use the sample.rules located under the RULE_PATH directory by specifying
the RULE_PATH variable, i.e. include RULE_PATH .. 'sample.rules'?

2. have the sample.rules loaded without the ips option?


Marcin