Snort mailing list archives

Question about "registered" rules


From: "W. Michael Petullo" <mike () flyn org>
Date: Tue, 21 Dec 2021 11:08:40 -0600

I am trying to better understand two aspects of the "registered" 3.0
rules available at https://www.snort.org/downloads. I am presently
using Snort 3.1.18.0 on OpenWrt. I also happen to maintain this package
for the OpenWrt project.

1. I find that I have to replace this statement in etc/lua.conf:

        variables = default_variables_singletable

with:

        variables = default_variables

If I do not make this change, then snort will not run. Is this expected?

2. There are a number of tarballs available:

        Talos_LightSPD.tar.gz
        snortrules-snapshot-31180.tar.gz
        snortrules-snapshot-31150.tar.gz
        snortrules-snapshot-31110.tar.gz
        snortrules-snapshot-3190.tar.gz
        snortrules-snapshot-3170.tar.gz 
        [...]

How do I judge which to use? The numbers present seem to correspond to
Snort releases, but some releases seem to lack a corresponding rules
tarball. What is Talos_LightSPD.tar.gz? Does a document exist that
describes the release process for rules?

Thank you,

-- 
Mike

:wq
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs
