Download the Snort Rules
The Snort rule set can be found on the SNORT Community website using the following link:
In the Rules section, under Community, click community-rules.tar.gz to initiate the download.
Install the Snort Rules
To install the Snort rules on the LoadMaster, follow the steps below:
- On the LoadMaster Web User Interface (WUI) home screen, go to System Configuration > Miscellaneous Options > AFE Configuration.
- In the Intrusion Detection Options section, beside Detection Rules, click Choose File.
- Browse to and select the previously download community-rules.tar.gz file.
- Click Install new Rules.
- Select the desired Detection level.
For more information on the detection levels see the AFE Configuration section of the LoadMaster WUI Configuration Guide).
Deactivate/Activate the Snort Rules
The community-rules.tar.gz file can be modified by commenting out or un-commenting. This can be done by opening the file as an archive using a file archive tool such as 7-Zip:
- Open 7-Zip.
- Click File and select Open.
- Browse to the community-rules.tar.gz file.
- Double-click the file to open the archive.
- Continue double-clicking until the following files are visible:
- Right-click community.rules.
- Select Edit to open the file in a text editor (the edit shortcut key is F4).
- Search for the desired rule by Signature ID (SID), for example sid:2067
- To deactivate a rule, comment out the rule the rule by placing a hash symbol (#) at the begging of the line.
- To activate a rule, un-comment the rule by deleting the # at the begging of the line.
- Once the modification is complete click File > Exit to close the text editor.
- When prompted to save the file click Yes.