Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort rules touble.

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 21 Jun 2002 15:33:02 -0400
Yes, it's also why snortrules.tar.gz contains a snort.conf, so that you can look at it for new things you need to include :) 

I'd first get things up and running using the supplied rules.
If you then want to try using snortrules.tar.gz, try it, but be aware of the pitfalls involved in assuming you can just use new .rules files with an older.conf file ;) 


At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:

I understand now.

The rules supplied separately have variables supplied for the ports.
The rules supplied with the distribution have them staticly entered.

Thanks a lot!



>-----Original Message-----
>From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
>Sent: Friday, June 21, 2002 2:36 PM
>To: 'Jason Gauthier'; snort-users () lists sourceforge net
>Subject: RE: [Snort-users] Snort rules touble.
>
>
>Just like Matt Kettler said,  and pretty sure he is right.  You need to
>stick with the rules that come with the 1.86 build and NOT use the
>snortrules.tar.gz




-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: