Snort mailing list archives

Re: Snort and creating new classtypes


From: "Roman Danyliw" <roman () danyliw com>
Date: Tue, 3 Sep 2002 09:06:09 -0400 (EDT)

This is the expected (if not necessarily the desired) behavior.  Meta
information about a signature (e.g., classification, priority) is stored in the
database the first time that an event matching this signature is encountered. 
Without an update to the revision number of the signature to denote that
something has changed, the meta information will not be updated despite a manual
update to the configuration file.

ACID should probably provide primitives to manipulate signature classifications.

Roman

On Thu, 29 Aug 2002 10:11:03 -0600, Matthew Wagenknecht
<Matthew.Wagenknecht () quantum com> wrote :


In the snort rules, a number of virus rules have misc-activity. I want to
move all virus signatures to a new classtype called virus. I created a new
line in classifications.config like the following::

    config classification: virus,Virus Detection,1

However when in ACID, it shows up under unclassified. Is there something
else I need to do or is this an ACID issue?



..:: Matt ::..  
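
The following is an added example, not part of the thread or of Snort/ACID: a small script that moves matching rules to the new classtype and bumps ``rev`` in the same pass, since Roman's reply says the stored meta information is not refreshed without a revision change. The sample rules, the ``Virus`` message prefix and the ``reclassify`` helper are assumptions made for illustration.

```python
import re

# Constructed sample rules (not taken from the thread or from a real rule set).
SAMPLE_RULES = """\
alert tcp any any -> any 25 (msg:"Virus - Possible Example Worm"; content:"example.vbs"; classtype:misc-activity; sid:1000001; rev:3;)
alert tcp any any -> any 80 (msg:"WEB-MISC example probe"; content:"/probe"; classtype:misc-activity; sid:1000002; rev:1;)
alert tcp any any -> any 110 (msg:"Virus - Example attachment"; content:".pif"; classtype:misc-activity; sid:1000003;)
"""

MSG_RE = re.compile(r'\bmsg:\s*"([^"]*)"')
CLASS_RE = re.compile(r'\bclasstype:\s*([\w-]+)\s*;')
REV_RE = re.compile(r'\brev:\s*(\d+)\s*;')
SID_RE = re.compile(r'\bsid:\s*(\d+)')

def reclassify(rules_text, msg_prefix="Virus", old="misc-activity", new="virus"):
    """Switch classtype old -> new on matching rules and bump rev; return (text, sids)."""
    out, changed = [], []
    for line in rules_text.splitlines():
        msg = MSG_RE.search(line)
        cls = CLASS_RE.search(line)
        if (line.lstrip().startswith("#") or not msg or not cls
                or not msg.group(1).startswith(msg_prefix) or cls.group(1) != old):
            out.append(line)          # comments and non-matching rules stay untouched
            continue
        line = CLASS_RE.sub("classtype:%s;" % new, line, count=1)
        rev = REV_RE.search(line)
        if rev:
            # The revision bump is what marks the signature as changed.
            line = REV_RE.sub("rev:%d;" % (int(rev.group(1)) + 1), line, count=1)
        else:
            # Assumption: a rule with no rev option gets rev:1 appended.
            head, _, tail = line.rpartition(")")
            line = head.rstrip() + " rev:1;)" + tail
        sid = SID_RE.search(line)
        changed.append(int(sid.group(1)) if sid else None)
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    text, sids = reclassify(SAMPLE_RULES)
    print(text, end="")
    print("reclassified sids:", sids)
```

The new classtype still has to be declared with a ``config classification`` line, as in the original post.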




