Snort mailing list archives
Re: Re: Rule update with snortcente
From: "larc" <larc () pandora be>
Date: Sat 09 Nov 2002 13:20:20 +0100
ok, this is bad timing to import the snortrule. If I surf to www.snort.org I get a connection time out. I guess there is a problem on the internet or with the snort website at this time.

Stefan D.

------------------------
Atul Shrivastava <atul_iet () yahoo com> wrote:
------------------------

Hi,

Ya, you are telling right. I am behind a proxy, but I have configured the proxy settings in the config.php in /var/www/html/snortcenter directory. I have defined the proxy path as:

$proxy = " ipaddress:port";

When I click on the view rules, then there is no rules in it. Also when I select the sensor in place of default sensor. As you are saying that it may be possible that there is no update for this time, but is not so because there is no rule in the rule base. Now can you tell me, how can I get out from this.

Thanks in advance.

Regards,
Atul Shrivastava

Larc <larc () pandora be> wrote:

Hi,

When you install a new agent, you have to activate the rules that you want to use for that 'sensor scope' and then push the configuration to the sensor. If you get " No update this time " in the management console, that is because there are no changes in the snortrules-stable rules from the snort website or if you are behind a proxy server, you didn't enter the right proxy server in the 'config.php' file

Regards,
Stefan Dens

----- Original Message -----
From: Atul Shrivastava
To: Jens Krabbenhoeft ; snort-users () lists sourceforge net
Sent: Saturday, November 09, 2002 9:28 AM
Subject: Re: [Snort-users] Rule update with snortcenter

Hi,

When I have done a fresh installation of snort center agent and then click on the UPDATE from the Internet then it displays that " No update this time " while I am updating it for the first time. Also when I check the snort configuration file then there is no rule in it. Can anyone tell me the solution.

Thanks in advance.

Regards,
Atul Shrivastava

Jens Krabbenhoeft <tschenz-snort-users () noris net> wrote:

Michael,

> Why Snortcenter doesn't recognize that there are rules more up to date
> on www.snort.org?

The way snortcenter checks for new signatures is as follows:

* a known signature has a known revision - if that revision increases, it says "rule has updated"
* if it finds an unknown sid, it says "rule added"

Apparently the snortrules-stable file has no new rules since 2002/10/31:

> grep "\$Id" * | grep "2002/11"
> grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
> grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $

There are new rules in cvs HEAD, which work with cvs HEAD only. These are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz file.

Hth,
jens
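
The sid/revision comparison Jens describes in the thread above, as an added example (not SnortCenter's own code and not posted by anyone in this thread). The function names and the sample rules are constructed for illustration, and a rule without a rev option is assumed to be revision 0.

```python
import re

# sid and rev are options inside a rule's parenthesised option list.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

# Constructed sample data (sids from the local range, not real Snort rules).
KNOWN = '''# constructed: rule base already imported
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed B"; content:"b"; sid:1000002; rev:3;)
'''
DOWNLOADED = '''# constructed: freshly downloaded rules file
alert tcp any any -> any 80 (msg:"constructed A"; content:"a2"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"constructed B"; content:"b"; sid:1000002; rev:3;)
alert tcp any any -> any 80 (msg:"constructed C"; content:"c"; sid:1000003; rev:1;)
'''


def parse_rules(text):
    """Return {sid: rev} for every uncommented rule line."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, including "# $Id: ... $" headers
        sid = SID_RE.search(line)
        if sid is None:
            continue  # var/include line, not a rule
        rev = REV_RE.search(line)
        # Assumption: a rule with no rev option counts as revision 0.
        rules[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return rules


def compare_rulesets(known, downloaded):
    """Classify downloaded rules against the known {sid: rev} map."""
    result = {"added": [], "updated": []}
    for sid, rev in sorted(downloaded.items()):
        if sid not in known:
            result["added"].append(sid)      # unknown sid
        elif rev > known[sid]:
            result["updated"].append(sid)    # known sid, higher revision
    return result


if __name__ == "__main__":
    print(compare_rulesets(parse_rules(KNOWN), parse_rules(DOWNLOADED)))
    # An empty known rule base makes every downloaded sid count as added.
    print(compare_rulesets({}, parse_rules(DOWNLOADED)))
```

With this logic, identical sid/rev pairs on both sides produce no "added" or "updated" entries, while a download that parses to nothing also produces none.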