Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New rules keyword error

From: "Marc Quibell" <mquibell () fbfs com>
Date: Fri, 24 Oct 2003 08:49:58 -0500



Message: 2
Subject: Re: [Snort-users] New rules keyword error
From: Frank Knobbe <frank () knobbe us>
To: snort-users () lists sourceforge net
Date: Thu, 23 Oct 2003 13:29:10 -0500




On Thu, 2003-10-23 at 08:57, Marc Quibell wrote:

-I have always Auto-updated Snort. Period.  Never had any problems.



Oh really? You didn't run into problems during the 1.9/2.0 parallel? I
remember that CVS all of the sudden contained rules with strange new
keywords, and Snort barfed promptly. The solution was obviously to check
out the correct tag and not rely on HEAD. Maybe you got lucky with
tarballs, but I recall there being with those in the past as well.


No. Let me start this out by saying I'm not speaking for anyone else, not
assuming for anyone else. I usually do not upgrade a product until I know it's a
stable and necessary upgrade. So I believe in this case, I upgraded from Snort
1.8.x to 2.0. Now lookie there, my method worked. Any problems with 1.9.X were
avoided.


-I don't pay for this product, it's not a production show-stopper! So no =

one is

going to fuss about it, or even notice it, if it's out of comminsion for =

5 mins

or 5 days!



That may be, but that's only you. Don't assume the same for others.


Riiiiight.... I merely stated my experience.


Now, why on Earth would I babysit this product? I can usually fix any pro=

blem

with rules in a matter of seconds...



Maybe I'm missing context, but IDS's need to be babysit. If you don't,
there may be something wrong with the way to do IDS.


Oh sure, I look at the logs, look for false positives, check to see if I'm
getting everything, check to see that both are still running...etc. But like my
other linux products, everything is updated automatically: Nessus, Snort...etc.
It only makes sense to me, oh well...You do it your way, whatever that is, and
I'll do it mine. Mine seems to have less problems


No offense, just some food for thought....


I'm still hungry.


Regards,
Frank





-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: