Snort mailing list archives
Re: Snort and creating new classtypes
From: "Roman Danyliw" <roman () danyliw com>
Date: Tue, 3 Sep 2002 09:06:09 -0400 (EDT)
This is the expected (if not necessarily the desired) behavior. Meta information about a signature (e.g., classification, priority) is stored in the database the first time that an event matching this signature is encountered. Without an update to the revision number of the signature to denote that something has changed, the meta information will not be updated despite a manual update to the configuration file.

ACID should probably provide primitives to manipulate signature classifications.

Roman

On Thu, 29 Aug 2002 10:11:03 -0600, Matthew Wagenknecht <Matthew.Wagenknecht () quantum com> wrote:
In the snort rules, a number of virus rules have misc-activity. I want to move all virus signatures to a new classtype called virus. I created a new line in classifications.config like the following:

config classification: virus,Virus Detection,1

However when in ACID, it shows up under unclassified. Is there something else I need to do or is this an ACID issue?

..:: Matt ::..
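The behavior Roman describes can be seen in a small model, added here as an example and not taken from Snort or ACID. The table layout, column names and rule name are constructed, and keying the lookup on (name, revision) is an assumption based on his description.

```python
import sqlite3

# Simplified model: table and column names are constructed for this example.
SCHEMA = """
CREATE TABLE signature (
    sig_id    INTEGER PRIMARY KEY,
    sig_name  TEXT NOT NULL,
    sig_rev   INTEGER NOT NULL,
    sig_class TEXT NOT NULL,
    UNIQUE (sig_name, sig_rev)
);
CREATE TABLE event (event_id INTEGER PRIMARY KEY, sig_id INTEGER NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def log_event(db, name, rev, classtype):
    """Log one alert; metadata is written only when (name, rev) is first seen."""
    row = db.execute(
        "SELECT sig_id FROM signature WHERE sig_name = ? AND sig_rev = ?",
        (name, rev)).fetchone()
    if row is None:
        sig_id = db.execute(
            "INSERT INTO signature (sig_name, sig_rev, sig_class) VALUES (?, ?, ?)",
            (name, rev, classtype)).lastrowid
    else:
        sig_id = row[0]  # cached row reused; the classtype argument is ignored
    db.execute("INSERT INTO event (sig_id) VALUES (?)", (sig_id,))
    return sig_id

def class_counts(db):
    """Events per stored classification, the way a console would group them."""
    rows = db.execute(
        "SELECT s.sig_class, COUNT(*) FROM event e "
        "JOIN signature s USING (sig_id) GROUP BY s.sig_class")
    return dict(rows.fetchall())

def demo():
    db = open_db()
    name = "VIRUS sample rule"                # constructed rule name
    log_event(db, name, 1, "misc-activity")   # first sighting caches the class
    log_event(db, name, 1, "virus")           # classtype edited, rev unchanged
    stale = class_counts(db)
    log_event(db, name, 2, "virus")           # rev bumped: new row, new class
    return stale, class_counts(db)
```

In this model, events logged before the revision bump stay attached to the old row and keep its classification.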