Snort mailing list archives

Re: Rule update with snortcenter


From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Fri, 8 Nov 2002 09:45:52 +0100

Michael,

> Why doesn't Snortcenter recognize that there are rules more up to date
> on www.snort.org?

The way snortcenter checks for new signatures is as follows:

* a known signature has a known revision - if that revision increases,
  it says "rule has updated"
* if it finds an unknown sid, it says "rule added"

Apparently the snortrules-stable file has no new rules since 2002/10/31:

grep "\$Id" * | grep "2002/11"
grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $

There are new rules in cvs HEAD, which work with cvs HEAD only. These
are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
file. 

Hth,
        jens
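
The sid/revision comparison described in the message above, as an added example that is not part of the original post and not Snortcenter's own code. The function names, rule text and sids are constructed, and a rule without a rev option is assumed to be revision 0.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def parse_rules(text):
    """Return {sid: rev} for each active (uncommented) rule in a .rules body."""
    revs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # comments, $Id$ headers, disabled rules
            continue
        sid = SID_RE.search(line)
        if sid is None:                       # var/include lines carry no sid
            continue
        rev = REV_RE.search(line)
        # Assumption: a rule with no rev option counts as revision 0.
        revs[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return revs

def compare(known, candidate):
    """Classify candidate rules against the already-known {sid: rev} map."""
    result = {"added": [], "updated": [], "unchanged": []}
    for sid, rev in sorted(candidate.items()):
        if sid not in known:
            result["added"].append(sid)       # unknown sid -> "rule added"
        elif rev > known[sid]:
            result["updated"].append(sid)     # higher rev -> "rule has updated"
        else:
            result["unchanged"].append(sid)   # same or lower rev: nothing to report
    return result

# Constructed sample rule files (sids, messages and contents are made up).
KNOWN = """\
# $Id: example.rules (constructed header) $
alert tcp any any -> any 80 (msg:"EXAMPLE a"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE b"; content:"b"; sid:1000002; rev:3;)
"""
DOWNLOADED = """\
# $Id: example.rules (constructed header) $
alert tcp any any -> any 80 (msg:"EXAMPLE a"; content:"a2"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE b"; content:"b"; sid:1000002; rev:3;)
alert tcp any any -> any 80 (msg:"EXAMPLE c"; content:"c"; sid:1000003; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE d"; content:"d"; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    print(compare(parse_rules(KNOWN), parse_rules(DOWNLOADED)))
    print(compare(parse_rules(KNOWN), parse_rules(KNOWN)))  # same file: no changes
```

The second call mirrors the situation in this thread: a rules file whose sids and revisions match what is already known produces no "added" or "updated" entries.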

