Martin wrote:
On oinkmaster how would I shut off your rules specifically?
I was under the assumption if the rule is edited and ID remains the
same it will not be overwritten on next oinkmaster update..Am i
mistaken here?
Like Joel said, it will be overwritten. If the downloaded rule is
different than the local version, the downloaded one is always regarded
as the most recent version. You can however use
'localsid <sid>' in oinkmaster.conf if you want to make local tweaks to
the rule without moving it to a separate file that isn't controlled by
Oinkmaster. I personally don't like localsid that much but it's there.
The Oinkmaster FAQ (Q21) at
http://oinkmaster.sourceforge.net/faq.shtml has more info.
If you just want to turn off the rule completely, simply use 'disablesid
<sid>' instead.
I started creating a web-based interface to editing oinkmaster.conf a
while ago that will make rules management with Oinkmaster easier
(especially if you have a large oinkmaster.conf). I hope it will be
finished any year now.
/Andreas
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
