Snort mailing list archives
AW: (Snort-users) snort 1.8.1 and vision18.rules and mysql
From: <sandro.poppi () wacker com>
Date: Tue, 04 Sep 2001 09:34:00 +0200
I found the solution on whitehats snort forum: Just copy and paste the classification lines out of vision18.conf (I only took a look at vision18.rules 8) to classification.config, restart snort and that's it.

Anyway thanks for the help!

Ciao, Sandro

-----Original Message-----
From: "Jeff Dell" <jdell () activeworx com> at Internet
Sent: Monday, September 3, 2001 10:29
To: Poppi, Sandro; <snort-users () lists sourceforge net> at Internet
Subject: RE: [Snort-users] snort 1.8.1 and vision18.rules and mysql

The problem that you are having with the first issues is that you are trying to use classifications from both rule sets. Unfortunately they are not using the same classifications and priority settings. I wrote a Windows 2000 application that merges the two rule sets together and cleans up some of the differences between them. It is called IDS Policy Manager and you can download it at www.activeworx.com. If you start out with the official rule set, this app makes it easy to merge in new official rules and new whitehat rules when they come out.

Jeff

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Poppi, Sandro
Sent: Monday, September 03, 2001 10:03 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] snort 1.8.1 and vision18.rules and mysql

I updated from snort 1.7 to 1.8.1 and am using vision18.rules from www.whitehats.com. When starting snort I get weird errors saying "Bad priority setting ..." over and over for vision18.rules. Disabling it in snort.conf resolves this but I would like to use them. Any hints?

A second prob I have is with mysql: Since I'm no database guru I don't know how to upgrade the existing snort 1.7 database to 1.8.1 using the create_mysql. Running it on the existing db gives me error messages about existing tables (which is ok I know). Did anyone on the list already upgrade the db and could send me how?

TIA

Regards, Sandro Poppi

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
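
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original messages: it lists `classtype` names a rule file uses that the classification file does not define, and names that two classification files define with different priorities. It assumes Snort's `config classification: name,description,priority` line format and the `classtype:` rule option; every sample line and helper name below is constructed.

```python
import re

# Assumed line format: config classification: shortname,description,priority
CLASSIFICATION_RE = re.compile(
    r"^\s*config\s+classification:\s*([^,]+),([^,]*),\s*(\d+)\s*$")
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;]+);")

def parse_classifications(text):
    """Return {shortname: priority} from 'config classification:' lines."""
    found = {}
    for line in text.splitlines():
        m = CLASSIFICATION_RE.match(line)
        if m:
            found[m.group(1).strip()] = int(m.group(3))
    return found

def undefined_classtypes(rules_text, defined):
    """Return sorted classtype names used by active rules but not defined."""
    used = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):  # skip commented-out rules
            continue
        used.update(name.strip() for name in CLASSTYPE_RE.findall(line))
    return sorted(used - set(defined))

def conflicting_priorities(a, b):
    """Return {name: (prio_a, prio_b)} for names both files define differently."""
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}

# Constructed sample data (not taken from any real rule set).
OFFICIAL = """\
# constructed stand-in for classification.config
config classification: attempted-recon,Attempted Information Leak,3
config classification: bad-unknown,Potentially Bad Traffic,2
"""
EXTRA = """\
config classification: attempted-recon,Attempted Information Leak,5
config classification: example-class,Constructed Example Class,8
"""
RULES = """\
alert tcp any any -> any 80 (msg:"constructed rule A"; classtype:example-class;)
alert tcp any any -> any 21 (msg:"constructed rule B"; classtype:attempted-recon;)
# alert tcp any any -> any 23 (msg:"disabled"; classtype:ignored-class;)
"""

if __name__ == "__main__":
    official, extra = parse_classifications(OFFICIAL), parse_classifications(EXTRA)
    print("undefined before merge:", undefined_classtypes(RULES, official))
    print("undefined after merge:", undefined_classtypes(RULES, {**official, **extra}))
    print("priority conflicts:", conflicting_priorities(official, extra))
```
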