Snort mailing list archives
Re: A few pulledpork questions
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 13 Aug 2013 11:57:44 -0600
On 2013-08-13 11:44, Y M wrote:
I will try to help at the best I canTo: snort-users () lists sourceforge net Date: Tue, 13 Aug 2013 11:08:18 -0600 From: jlay () slave-tothe-box net Subject: [Snort-users] A few pulledpork questions Hey all, First...seeing this when I run PP: Generating Stub Rules.... An error occurred: WARNING: threshold.conf(26) threshold (standalone) is deprecated; use event_filter instead. which is: threshold gen_id 138, sig_id 1000, type limit, track by_src, count1,seconds 60 From the readme.thresholding: THRESHOLD EXAMPLES: ------------------ # Rule Threshold - Limit to logging 1 event per 60 seconds threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60 Why is the error occurring? What can I do to troubleshot this?"Threshold" keyword is/will be deprecated. If you read the line right above the table in section "2.4.2.1 Format" at http://manual.snort.org/node19.html [1], it says that threshold will be deprecated. Use event_filter instead. The table gives good usage explanation.
Thanks YM...I was confused about it and you cleared it up :) James ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions Y M (Aug 13)
- Re: A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions Eoin Miller (Aug 13)
- Re: A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions JJC (Aug 13)
- Re: A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions JJC (Aug 13)
- Re: A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions James Lay (Aug 13)
- Re: A few pulledpork questions Y M (Aug 13)