[Snort-users] Pulled Pork 0.7.2 Policies not working

Joel Esler (jesler) jesler at ...589...
Mon Jan 23 09:37:13 EST 2017


So, you are good to go then?
--
Joel Esler | Talos: Manager | jesler at ...589...<mailto:jesler at ...589...>






On Jan 22, 2017, at 6:42 PM, Michael Steele <michaels at ...9077...<mailto:michaels at ...9077...>> wrote:

Darn, I no sooner sent this out and remembered that I activated all the rules so the policies wouldn’t process no matter what they were set too….
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I’m testing Pulled Pork on a slave sensor using –nPT to bypass the signature file.

I’ve tried setting the policy using Balanced and Security. When the balanced policy is ran the output says it Modified 19004 rules. However the stats at the end never changes. It fails to update the .rules file with the changes.

After running each of the policies I save the .rules file from each run, and they are identical.

Attached is the output from each run. I’m not seeing anything. Maybe this is a problem others are having but not noticing?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanks…
<Security.txt><Balanced.txt>------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org<http://slashdot.org/>! http://sdm.link/slashdot_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170123/79130250/attachment.html>


More information about the Snort-users mailing list