Re: [Snort-users] ignore bad rule on startup

yes i understand this, however, what if a new 'bad' rule with a new sid
would be committed ?

thank you all
..mike



On Wed, 2006-07-19 at 17:57 +0200, Klein, Jeremie wrote:
> Hi,
> =

> Oinkmaster can modify the rules on the fly just after downloading.
> You have to configure him as explained in the example. It is based on Sid=
s, so you just can tell to oinkmaster to comment out your rule given a sid.
> =

> -----Message d'origine-----
> De : snort-users-bounces@lists.sourceforge.net [mailto:snort-users-bounce=
s@lists.sourceforge.net] De la part de kakomon
> Envoy=E9 : mercredi 19 juillet 2006 23:52
> =C0 : snort-users@lists.sourceforge.net
> Objet : Re: [Snort-users] ignore bad rule on startup
> =

> Thank you for your answer Paul
> however i'm asking if there is an option, an argument, a switch or
> something, to make snort skip eventual garbage during startup
> =

> i've seen snort refusing to start due a 'fwsam' directive in some
> bleedingedge rules, like the file 'bleeding-dshield-BLOCK.rules'
> =

> or, for example, if it finds two rules with the same SID
> =

> i'll like to know if the behaviour could be to simply skip those rules
> =

> this would provide me to auto-download the rules,
> maybe with oinkmaster
> =

> now it's not possible because if a new rules update could breaks snort,
> it will not startup anymore
> =

> think about the disaster if snort is inline:
> all the traffic would be waiting in queue !
> =

> thank you very much for your time
> .mike
> =

> =

> On Wed, 2006-07-19 at 10:21 -0500, Paul Schmehl wrote:
> > kakomon wrote:
> > > Hi all !
> > > i've just subscribed this list and here comes the first question:
> > > is there a way to make snort ignore a bad rule on startup, instead of
> > > throwing an error and don't start at all ?
> > > =

> > Sure. Just comment the rule out.
> > =

> =

> =

> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?p...eforge&CID=3D=
DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...=3Dsnort-users
> =

> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share y=
our
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?p...eforge&CID=3D=
DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...=3Dsnort-users


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?p...orge&CID=3DDE=
VDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...=3Dsnort-users