[Snort-users] Snort / Rules / Pulled Pork

Dan O'Brien pdobrien3 at gmail.com
Sat Sep 16 22:45:04 EDT 2017


Thank you. I figured it out. The rule had actually been deleted. I downloaded the pulled pork rules again and it is back. I am now in the process of editing threshold.conf instead of snort.rules. Thanks. 

Thanks,
Dan
(770) 624-1010
pdobrien3 at gmail.com

"Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6

Sent from my iPad

> On Sep 16, 2017, at 10:00 PM, Marcin Dulak <marcin.dulak at gmail.com> wrote:
> 
> grep "suppress gen_id 3" -r /etc/
> Marcin
> 
> On Sun, Sep 17, 2017 at 3:47 AM, Dan O'Brien <pdobrien3 at gmail.com> wrote:
>>> pulledpork downloaded and installed the new rules, but snort has not been restarted so it still uses the old suppress definitions.
>>> You can also force snort to re-read the new snort.rules without restarting with:
>>> kill -hup $(pidof snort)
>> The computer has been rebooted and snort restarted several times. Any other ideas?
>> 
>> Thanks,
>> Dan
>> 
>> "Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6
>> 
>> Sent from my iPad
>> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170916/348c2801/attachment.html>


More information about the Snort-users mailing list