Those are the rules that are disabled by default (by the Snort people)
for various reasons, it's up to you if you want to use them.
makesidex.pl is primarily ment to be used only once,
that is when you install Oinkmaster for the first time and you want to
make sure the rules you have previously disabled (if any) stay disabled
when you start to use Oinkmaster, by creating "disablesid <sid>"
statements for those rules so you can append it to your
That autodisable stuff is only needed if you really want to disable
rules by editing the rules files and commenting out the rules
instead of doing it the Oinkmaster way, i.e. creating disablesid
statements. So unless you know that you really want it (most
likely not), just ignore it and keep things simple.
On Thu, 5 Oct 2006, test test wrote:
> Hello All. I am new to snort and oinkmaster. I
> followed the how to at
> to install oinkmaster. Both snort and oinkmaster work.
> I have NOT disabled any rules whatsoever, yet my
> autodisable.conf file has many many rules disabled!!??
> Per the howto:
> "Execute the following command to make a list of what
> rules you have disabled. Re-run
> this anytime you do tuning to your sensor and turn off
> any rules. It will read what rules
> you have disabled and add them to a file that you will
> pass to OinkMaster. Make sure
> you are in /etc when you do this.
> makesidex.pl /etc/snort/rules >autodisable.conf"
> I have not disabled ANY rules, yet my autodisable.conf
> has many entries like this: