snort-sigs February 2011 archive
Main Archive Page > Month Archives  > snort-sigs archives
snort-sigs: Re: [Snort-sigs] oinkmaster and so rules.. FAQ broke

Re: [Snort-sigs] oinkmaster and so rules.. FAQ broken?

From: Martin Holste <mcholste_at_nospam>
Date: Wed Feb 09 2011 - 16:51:25 GMT
To: Michael Scheidell <>

> if that is the case, then I won't even look at pulled port.
> we have multiple snorts running in multiple hosts.
> on one host, one snort_lan.conf could have different rulesets than
> snort_wan.conf.

I would think that makes PP perfect for you--as your actual
snort.conf's would change the least per-instance. Just rename
snort.rules to wan.rules (or whatever). How have you been disabling
certain sids in certain rules files on different instances? I would
assume you've been using different directories for that. So how would
that be different than different snort.rules files existing in
different directories?

The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
Snort-sigs mailing list