Snort mailing list archives

Re: Signature for Snort 1.8.x

From: Andreas Östling <andreaso () it su se>
Date: Mon, 13 May 2002 19:27:09 +0200 (CEST)


On Mon, 13 May 2002, Bastian Ballmann wrote:

Hello,
I upgrade the signatures automatically by oinkmaster and now I recognize that
the rulesets http://www.snort.org/dl/signatures/snortrules.tar.gz is not
compatible to Snort 1.8.x as it is told on the webside!


Yes they are.

I also get the error unkown keyword "flow" in many rules and in bad-traffic I
get the error protocol >134 is unkown.
Could you please tell me whats going wrong here??
Greets


Those rules are commented out by default, and *for a reason*, obviously.
Use -p when running Oinkmaster to preserve the comments (which I
really regret I didn't do as the default behaviour...).

/Andreas


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Signature for Snort 1.8.x Bastian Ballmann (May 13)
- Re: Signature for Snort 1.8.x Andreas Östling (May 13)