Re: [Oinkmaster-users] commented out rules
Brought to you by:
andreas_o
Menu
▾
▴
Re: [Oinkmaster-users] commented out rules
|
From: Russell F. <r.f...@au...> - 2009-06-23 22:58:23
|
All I can suggest is to double check that you are adding the disablesid to the config file that oinkmaster is actually reading. Other obvious things to check is that you copied the sid correctly. I've had several instances of this sort of problem over the years and all have come back to errors on my part. Russell On 23/06/2009, at 9:40 AM, mai...@lo... wrote: > > I've been getting my updates from emergingthreats.net and everything > has > been working fine. Recently some in house apps started using a port > that > sets off a false positive worm alert. I went ahead and commented out > the > alert which resolved the false positive. Yesterday oinkmaster went out > and garbed the new signature alerts and overwrote the ones I commented > out. Now all the false positives are back. > > I went into the oinkmaster.conf file and added the sig ids to the > disablesid line and it is still uncommenting the rule when it gets > updated. How do I get oinkmaster to go out and update my rules, but > not > alter the rules I comment out or edit. > > Any help will be appreciated, > Thanks > > > ------------------------------------------------------------------------------ > _______________________________________________ > Oinkmaster-users mailing list > Oin...@li... > https://lists.sourceforge.net/lists/listinfo/oinkmaster-users |
