How do you make disabled rules stay disabled?
-
I'm disabling a rule in snort, emerging threats - policy. I click the bright, red X next to the rule, it disables it. I then restart snort and notice the rule is once again active. What am I doing wrong? As long as I disable the rule while snort is running, it seems to stay disabled. Every other config change says one needs to restart the interface/service… so?
Thanks
-
Yes, snort deletes the rules and then copies them back when you start.
You need to use the suppress tab…
-
Here is a how-to video for the suppress tab:
https://www.youtube.com/watch?v=uQ7OrxtiAes
-
Thanks for the updated info. I misused the "suppress" part. I thought it was just to not show those events being triggered in the webConfiguration log.
Thanks!
AWS