Re: snort updates and changes to snort.conf
Jul 02 2008 09:19PM
infolookup gmail com
(1 replies)
------Original Message------
From: Joe Beasley
Sender: listbounce (at) securityfocus (dot) com [email concealed]
To: newsecurityguy
Cc: security-basics (at) securityfocus (dot) com [email concealed]
Sent: Jul 1, 2008 8:21 PM
Subject: Re: snort updates and changes to snort.conf
You don't have to put your snort.conf file in the same directory your
*.rules files are in. I keep my snort.conf
in /usr/local/snort-version/etc, and keep all the rules
in /usr/local/snort-version/rules.
All rule updates will have a new snort.conf (which is overwritten each
time) in the rules directory, but I start snort with the conf file in
the etc directory.
On Sun, 2008-06-29 at 18:07 -0700, newsecurityguy wrote:
> I know this is not really the place for this question but I have had no luck
> elsewhere. Currently, snort is set to update to the newest rule set on a
> daily basis, which is what I want. However, I also need to suppress some
> SIDS, which I have always done by editing the snort.conf file. When the
> updates occur, it appears as if snort.conf is overwritten with a new
> version, as the changes I make to the file do not last more than 24 hours
> before disappearing out of the snort.conf. Am I correct in assuming this is
> what is occurring? Is there any other way to easily suppress events without
> having to edit the file after each update?
Sent from my Verizon Wireless BlackBerry
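As an added example (not part of the original thread): a check to run after each rule update under the layout Joe Beasley describes. It lists rule-file includes that appear in the freshly shipped rules/snort.conf but not in the etc/snort.conf that Snort is started with, and confirms the local suppress lines are still present. The directory layout, file contents and SID are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths and file contents are constructed for illustration.

# List "include $RULE_PATH/..." targets of a conf file, ignoring commented lines.
rule_includes() {
    grep -E '^[[:space:]]*include[[:space:]]+\$RULE_PATH/' "$1" | awk '{print $2}' | sort -u
}

# Includes present in the shipped conf ($1) but missing from the local conf ($2).
missing_includes() {
    s=$(mktemp) && l=$(mktemp) || return 1
    rule_includes "$1" > "$s"
    rule_includes "$2" > "$l"
    comm -23 "$s" "$l"
    rm -f "$s" "$l"
}

# Count the suppress lines in a conf file (prints 0 when there are none).
suppress_count() {
    grep -cE '^[[:space:]]*suppress[[:space:]]+gen_id' "$1" || true
}

# Build a constructed layout: etc/ holds the conf snort is started with,
# rules/ receives each update, including a fresh copy of snort.conf.
make_sample() {
    base=$(mktemp -d)
    mkdir "$base/etc" "$base/rules"
    cat > "$base/etc/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
suppress gen_id 1, sig_id 1852
EOF
    # Simulated daily update: overwrites rules/snort.conf, adds a rule file.
    cat > "$base/rules/snort.conf" <<'EOF'
var RULE_PATH ../rules
include $RULE_PATH/local.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/example-new.rules
# include $RULE_PATH/disabled.rules
EOF
    echo "$base"
}

base=$(make_sample)
echo "suppressions kept in etc/snort.conf: $(suppress_count "$base/etc/snort.conf")"
echo "includes to merge by hand:"
missing_includes "$base/rules/snort.conf" "$base/etc/snort.conf"
rm -rf "$base"
```

Any include it reports names a rule file that arrived with the update but is not loaded by the pinned etc/snort.conf, so detection coverage can lag unless the line is merged by hand.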
Re: snort updates and changes to snort.conf
Jul 10 2008 11:05PM
newsecurityguy (JBASKEW uncg edu)
Copyright 2008, SecurityFocus