Snort mailing list archives
Re: Latest rule update (Problem)
From: Phil Wood <cpw () lanl gov>
Date: Wed, 6 Mar 2002 09:45:19 -0700
On Wed, Mar 07, 2001 at 11:11:50AM -0500, skill2die4 wrote:
hi Phil : cat -n snort.conf | egrep "46" brings a blank line ....
Oh well... %^)

[ to remove the false positives, I'm going to remember to do:

    % cat -n snort.conf | awk 'NR == 46 {print}'
]

Your comments are relevant. Snort is continually evolving. I've been using it since around 1.6 time. The current rules assume variables are set based on current .conf files. I believe if you just use the new conf and new rules out of the cvs distribution, and follow the USAGE file, things will work out.

However, we both know that the configuration and rules need to be tweaked for whatever the local situation is. And, using an old conf file (or one provided by a "value-adder") with new rules that assume that some variable is set will probably fail. For example:

    # grep "^[ ]*var" snort.conf
    var HOME_NET any
    var EXTERNAL_NET any
    var SMTP $HOME_NET
    var HTTP_SERVERS $HOME_NET
    var SQL_SERVERS $HOME_NET
    var DNS_SERVERS $HOME_NET
    var RULE_PATH ./

If one is coming from way back, jumping into the middle of the latest snort, without first coming to grips with what these variables are and what their values should be can cause problems.

I'm not sure if the above is related at all to the problem you were seeing. Just throwing it out as a possible, with the knowledge that it has definitely been a problem for me, and others on the list.

--
Phil Wood, cpw () lanl gov
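Added example, not part of the message above or of the Snort distribution: a pre-flight check that lists variables a rule set references but the conf never sets with `var`, which is the old-conf/new-rules mismatch the message describes. The sample conf and rules are constructed, and the function names are hypothetical.

```python
import re

# $NAME or $(NAME); the $(NAME:-default) form carries its own fallback
REF = re.compile(r"\$(?:\((\w+)(:-)?[^)]*\)|(\w+))")
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}

# Constructed samples: an older-style conf and rules written for newer variables.
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var RULE_PATH ./
include $RULE_PATH/web.rules
"""
SAMPLE_RULES = """\
# constructed rules, not from the Snort distribution
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"sample $1"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 1433 (msg:"sample"; sid:1000002;)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"sample"; sid:1000003;)
"""

def refs(text):
    """Variable names referenced in text, skipping $(NAME:-default)."""
    return [m.group(1) or m.group(3) for m in REF.finditer(text) if not m.group(2)]

def undefined_vars(conf_text, rules_text):
    """Return sorted names used by conf or rule headers but never set by 'var'."""
    defined, used = set(), set()
    for line in conf_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "var":
            defined.add(parts[1])
            used.update(refs(parts[2]))      # e.g. var SMTP $HOME_NET
        elif len(parts) >= 2 and parts[0] == "include":
            used.update(refs(line))          # e.g. include $RULE_PATH/...
    for line in rules_text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0] in ACTIONS:
            # Assumption of this example: scan only the rule header (text before
            # the " (" option list) so a '$' in msg/content is not flagged.
            used.update(refs(re.split(r"\s\(", line, maxsplit=1)[0]))
    return sorted(used - defined)

if __name__ == "__main__":
    for name in undefined_vars(SAMPLE_CONF, SAMPLE_RULES):
        print("rule set needs a 'var %s ...' line in snort.conf" % name)
```

To use it on a real installation, read snort.conf and the concatenated rule files into the two string arguments.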