Snort mailing list archives
Re: How to resolve flowbit dependancies using Pulled Pork?
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 12 Mar 2015 23:07:14 +0000
Pulledpork should handle this automatically. However, we haven’t had an “http.rtf” flowbit in about two years. So, I am not sure what ruleset you are downloading, but it’s not the current one. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group On Mar 11, 2015, at 6:12 PM, Andrew Shagayev <drewshg () gmail com<mailto:drewshg () gmail com>> wrote: Hi Guys! When starting Snort getting a bunch of warnings: Warning: flowbits key 'http.rtf' is set but not ever checked. Please could anyone help me to address this! I know it can be done with pulledpork, but could you show the command example which does this Thank you! -- A.S. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- How to resolve flowbit dependancies using Pulled Pork? Andrew Shagayev (Mar 11)
- Re: How to resolve flowbit dependancies using Pulled Pork? Joel Esler (jesler) (Mar 12)