Snort mailing list archives

Re: Rulesets

From: Jim Burwell <jimb () broadvision com>
Date: Thu, 18 Jul 2002 20:28:03 -0700

I had to do a double take the first time I went to get new rulesets, mymouse hovering over 'current' file. "Oh. the 'current' file is for thedevel version. OK."

Perhaps 'snortrules-devel.tar.gz' would be a more appropriate name forthis file, seeing most other software out there on the net uses'current' in the filename to refer to the most recent stable release,not the development release.

Sure, it says right there on the page which is the correct file to get,but anything which results in fewer questions asked and generalconfusion is good, eh ?


- Jim

Erek Adams wrote:

On Thu, 18 Jul 2002, Brandon Harms wrote:

I am using RedHat 7.2 with mysql support. I got snort working except it
seems to be having problems with the rulesets. It doesn't like the word
"flow" in the rules. It will give an error message:
"scan.rules => Unknown keyword "flow" in rule!". It does it for all the
rules containing the word. Any ideas?


You're using the wrong ruleset.

        http://www.snort.org/dl/signatures/snortrules.tar.gz  is for 1.8.7

        http://www.snort.org/dl/signatures/snortrules-current.tar.gz is for
the 'development version' (1.9).

Cheers.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
+---------------------------------------------------------------------+
|    Jim Burwell - Sr. Systems/Network Admin., Broadvision, Inc.      |
+---------------------------------------------------------------------+
| "I never let my schooling get in the way of my education"-Mark Twain|
| "UNIX was never designed to keep people from doing stupid things,   |
| because that policy would also keep them from doing clever things." |
| "Cool is only three letters away from Fool" - Mike Muir, Suicyco    |
| "..Government in its best state is but a necessary evil; in its     |
| worst state an intolerable one.."-Thomas Paine,"Common Sense"(1776) |
+---------------------------------------------------------------------+
|    Email:  jimb () broadvision com               ICQ UIN:  1695089     |
|             Voice:  650-261-5175  Fax:  650-261-5900                |
+---------------------------------------------------------------------+

Current thread:

Rulesets Brandon Harms (Jul 18)
- Re: Rulesets Erek Adams (Jul 18)
  - Re: Rulesets Jim Burwell (Jul 18)
- <Possible follow-ups>
- RE: Rulesets Matt Yackley (Jul 18)