
List:       snort-users
Subject:    Re: [Snort-users] Snort / Rules / Pulled Pork
From:       Dan O'Brien via Snort-users <snort-users () lists ! snort ! org>
Date:       2017-09-17 2:45:04
Message-ID: A0BD54BA-9970-46B8-B52B-3AAB00093C06 () gmail ! com


Thank you. I figured it out. The rule had actually been deleted. I downloaded the
pulled pork rules again and it is back. I am now in the process of editing
threshold.conf instead of snort.rules. Thanks.

Thanks,
Dan
(770) 624-1010
pdobrien3@gmail.com

"Better is a poor man who walks in his integrity than a rich man who is crooked in
his ways." - Proverbs 28:6

Sent from my iPad

> On Sep 16, 2017, at 10:00 PM, Marcin Dulak <marcin.dulak@gmail.com> wrote:
> 
> grep "suppress gen_id 3" -r /etc/
> Marcin
> 
> On Sun, Sep 17, 2017 at 3:47 AM, Dan O'Brien <pdobrien3@gmail.com> wrote:
> > > pulledpork downloaded and installed the new rules, but snort has not been
> > > restarted so it still uses the old suppress definitions. You can also force
> > > snort to re-read the new snort.rules without restarting with:
> > > kill -hup $(pidof snort)
> > The computer has been rebooted and snort restarted several times. Any other
> > ideas?
> > Thanks,
> > Dan
> > 
> > "Better is a poor man who walks in his integrity than a rich man who is crooked
> > in his ways." - Proverbs 28:6
> > Sent from my iPad
> > 
> 
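
The checks that come up in this thread (is the rule still present in snort.rules, is it commented out, is there an uncommented suppress entry for it), combined into one script as an added example; it is not code from any poster or from the Snort project. The file layout, SIDs and rule text are constructed, and the suppress syntax assumed is the Snort 2 form `suppress gen_id <gid>, sig_id <sid>`.

```shell
#!/usr/bin/env bash
# Added example (constructed data): why does a given gid:sid never alert?
# rule_state RULES_FILE GID SID -> enabled | disabled | missing
rule_state() {
    awk -v gid="$2" -v sid="$3" '
        $0 !~ ("[ (;]sid:[ ]*" sid "[ ]*;") { next }
        {
            g = 1   # a rule without a gid option belongs to generator 1
            if (match($0, /gid:[ ]*[0-9]+/)) g = substr($0, RSTART + 4, RLENGTH - 4)
            if (g + 0 != gid + 0) next
            state = ($0 ~ /^[ \t]*#/) ? "disabled" : "enabled"
            if (state == "enabled") exit
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# suppress_hits CONF_DIR GID SID -> file:line:text of each uncommented suppress entry
suppress_hits() {
    local ws='[[:space:]]'
    grep -rnE "^$ws*suppress$ws+gen_id$ws+$2$ws*,$ws*sig_id$ws+$3$ws*(,|\$)" "$1" || true
}

# diagnose RULES_FILE CONF_DIR GID SID -> rule-missing | rule-disabled | suppressed | active
diagnose() {
    local state; state=$(rule_state "$1" "$3" "$4")
    if [ "$state" != enabled ]; then echo "rule-$state"
    elif [ -n "$(suppress_hits "$2" "$3" "$4")" ]; then echo suppressed
    else echo active
    fi
}

# make_sample -> temp dir holding a constructed snort.rules and threshold.conf
make_sample() {
    local d; d=$(mktemp -d)
    cat > "$d/snort.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed B"; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed C"; gid:3; sid:1000003; rev:1;)
EOF
    printf '%s\n' '# suppress gen_id 1, sig_id 1000001' \
        'suppress gen_id 3, sig_id 1000003' > "$d/threshold.conf"
    echo "$d"
}

d=$(make_sample)
for p in 1:1000001 1:1000002 3:1000003 1:1000004; do
    echo "$p $(diagnose "$d/snort.rules" "$d" "${p%:*}" "${p#*:}")"
done; rm -rf "$d"
```

On a real sensor, pass the actual rules file and configuration directory to `diagnose`; `suppress_hits` prints the file and line of each matching entry so it can be edited in place.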




