List:       snort-sigs
Subject:    Re: [Snort-sigs] False positives(?) for spp_sip
From:       wkitty42--- via Snort-sigs <snort-sigs () lists ! snort ! org>
Date:       2020-04-20 16:23:20
Message-ID: a8e398eb-4d45-773a-894c-88a8d898872d () windstream ! net

On 4/20/20 10:20 AM, Pettersson, Emil wrote:
> Just to be sure, I found that we have multiples of snort.conf (this is on 
> pfSense I should add), there is I guess the "main" one at 
> /usr/local/etc/snort/snort.conf and then there are additional ones for each 
> interface that we have Snort enabled on (i.e. 
> /usr/local/etc/snort/snort_2591_em0/snort.conf). The latter seems to overwrite 
> any changes whenever the Snort service is restarted so I can't comment out the 
> SIP pre-processor there, not sure if this is needed or if only the former is 
> used to determine what rules are used?

you need to figure out where the template is that is being used to generate 
those interface confs and comment out the sip processor in there...

if you need different conf settings for each interface (eg: one has sip and the 
others do not) then you need to figure out if pfsense can do custom templates 
for each template...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list where it belongs!*