From 52cbc379189f48a8f456d05a46b59646c93eba01 Mon Sep 17 00:00:00 2001
From: bmeeks8 <bmeeks8@bellsouth.net>
Date: Tue, 9 Sep 2014 20:29:37 -0400
Subject: Include new SID MGMT sample conf files in manifest.

---
 config/snort/modifysid-sample.conf | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 config/snort/modifysid-sample.conf

(limited to 'config/snort/modifysid-sample.conf')

diff --git a/config/snort/modifysid-sample.conf b/config/snort/modifysid-sample.conf
new file mode 100644
index 00000000..d59f84ba
--- /dev/null
+++ b/config/snort/modifysid-sample.conf
@@ -0,0 +1,23 @@
+# example modifysid.conf
+#
+# formatting is simple
+# <sid or sid list> "what I'm replacing" "what I'm replacing it with"
+#
+# Note that this will only work with GID:1 rules, simply because modifying
+# GID:3 SO stub rules would not actually affect the rule.
+#
+# If you are attempting to change rulestate (enable,disable) from here
+# then you are doing it wrong. Do this from within the respective 
+# rulestate modification configuration files.
+
+# the following applies to sid 10010 only and represents what would normally
+# be s/to_client/from_server/
+# 10010 "to_client" "from_server"
+
+# the following would replace HTTP_PORTS with HTTPS_PORTS for ALL GID:1
+# rules
+# "HTTP_PORTS" "HTTPS_PORTS"
+
+# multiple sids can be specified as noted below:
+# 302,429,1821 "\$EXTERNAL_NET" "\$HOME_NET"
+
-- 
cgit v1.2.3