[Snort-users] snort3: snort_defaults.lua pattern to include custom rules files and the meaning of ips

Marcin Dulak marcin.dulak at ...11827...
Mon Feb 20 22:02:53 EST 2017


When I use the configuration below, /etc/snort/sample.rules gets loaded.

RULE_PATH = '../rules'

local_rules =
[[
include sample.rules
]]

ips =
{
    rules = local_rules,
}

How can I modify the configuration in order to achieve two goals:

1. use the sample.rules located under the RULE_PATH directory by specifying
the RULE_PATH variable, i.e. include RULE_PATH .. 'sample.rules'?

2. have the sample.rules loaded without the ips option?

