[Oisf-users] Change order to apply rules
Konstantin Klinger
konstantin.klinger at dcso.de
Tue Jun 25 06:55:19 UTC 2019
Which version of suricata-update are you currently running? Can you
share your update.yaml, disable.conf and enable.conf please?
On 16/06/2019 07:46, K K wrote:
> Yes, I tried. But row order (disable-conf, enable-conf) in update.yaml
> didn’t affect.
>
>
>
> Суббота, 15 июня 2019, 9:53 +03:00 от Konstantin Klinger
> <konstantin.klinger at dcso.de>:
>
> Hi KK,
>
> Have you tried to put the path of your .conf files into the
> update.yaml? Suricata-Update should parse and use ist then. The
> default path is /etc/suricata/.
>
> Cheers,
> Konstantin
>
> Am 15.06.2019 um 07:44 schrieb K K <nnex at mail.ru
> <//octavius.mail.ru/compose/?mailto=mailto%3annex at mail.ru>>:
>
>> Hi, all!
>>
>> As I understand in suricata-update apply disable.conf after
>> enable.conf. How can I change this behavior?
>> I want to enable rules by regexp and make several exclude.
>>
>> Thx
>>
>> --
>> K K
>> _______________________________________________
>> Suricata IDS Users mailing list:
>> oisf-users at openinfosecfoundation.org
>> <//octavius.mail.ru/compose/?mailto=mailto%3aoisf%2dusers at openinfosecfoundation.org>
>> Site: http://suricata-ids.org | Support:
>> http://suricata-ids.org/support/
>> List:
>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users <https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users>
>>
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>
>
>
> --
> K K
More information about the Oisf-users
mailing list