Snort mailing list archives
Re: Fw: Whitehats rules don't work
From: Phil Wood <cpw () lanl gov>
Date: Tue, 5 Jun 2001 08:44:58 -0600
On Mon, Jun 04, 2001 at 10:31:52PM +0530, Sid wrote:
Jun 4 14:43:12 e220r trons[10691]: ERROR /sw/trons/conf/vision18.rules(1)
^ 1. use the current version of snort found in cvs.
=> Bad Priority setting
"attempted-dos" And so on and so forth ....... i think Snort does not recognise the 20 priority-system which whitehats follows.
2. use the whitehats classification system that can be found in vision.conf. grep "^config classification" vision.conf > classification.vision 3. don't use the <group>.rules files. The best way to do this is to use vision.conf. (Remember, 1.8 is not released, you are treading water with the rest of us)
Siddhartha
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Whitehats rules don't work Sid (Jun 04)
- Re: Whitehats rules don't work Chris Green (Jun 04)
- Re: Whitehats rules don't work Max Vision (Jun 04)
- Re: Whitehats rules don't work François Désarménien (Jun 05)
- Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- Re: Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- <Possible follow-ups>
- RE: Whitehats rules don't work Ginnetty, James (Jun 04)
- RE: Whitehats rules don't work Caruso, Ken (Jun 04)
- Fw: Whitehats rules don't work Sid (Jun 04)
- Re: Fw: Whitehats rules don't work Phil Wood (Jun 05)