|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Joel Esler (jesler
sourcefire.com)
Date: Fri Feb 03 2012 - 08:22:26 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The correct way of doing it, actually, is to use the disablesid.conf file in pulledpork and disable the sid. That way the comment will transverse updates.
J
On Feb 3, 2012, at 9:19 AM, Lawrence R. Hughes, Sr. wrote:
> Joel,
>
> That does not work, it did not work in 2.8.6.1 or 2.9.2.0.
> The only way to disable them is to hash out the snort.conf file for that so_rule and that is not an answer either?
>
> Thanks,
> Larry
>
> ----- Original Message -----
> From: Joel Esler
> To: Lawrence R. Hughes, Sr.
> Cc: JJ Cummings ; snort-userslists.sourceforge.net
> Sent: Thursday, February 02, 2012 8:14 PM
> Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)
>
> If you comment the rule out in the stub file as JJ suggested, it should turn the rule off.
>
> --
> Joel Esler
>
> On Feb 2, 2012, at 6:25 PM, "Lawrence R. Hughes, Sr." <lhughessafemedia.com> wrote:
>
>> no, that does not work, infact this is what the p2p.rules header says:
>> # Autogenerated skeleton rules file. Do NOT edit by hand
>>
>>
>> ----- Original Message -----
>> From: JJ Cummings
>> To: Lawrence R. Hughes, Sr.
>> Cc: <snort-userslists.sourceforge.net>
>> Sent: Thursday, February 02, 2012 6:21 PM
>> Subject: Re: [Snort-users] snort 2.9.2 disable alerts for so_rules (p2p)
>>
>> #
>>
>>
>> Sent from the iRoad
>>
>> On Feb 2, 2012, at 18:05, "Lawrence R. Hughes, Sr." <lhughessafemedia.com> wrote:
>>
>>> Hi,
>>>
>>> I want to disable alerts for sid:7019 gid:3 (under p2p.rules in so_rules) how would I turn off that single rule?
>>>
>>> Thanks,
>>> Larry
>>>
>>> ------------------------------------------------------------------------------
>>> Keep Your Developer Skills Current with LearnDevNow!
>>> The most comprehensive online learning library for Microsoft developers
>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>>> Metro Style Apps, more. Free future releases when you subscribe now!
>>> http://p.sf.net/sfu/learndevnow-d2d
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-userslists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> ------------------------------------------------------------------------------
>> Keep Your Developer Skills Current with LearnDevNow!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-d2d
>> _______________________________________________
>> Snort-users mailing list
>> Snort-userslists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]