Re: Newbie question on signatures

[Erek Adams <erek () theadamsfamily net>]

On Mon, 30 Sep 2002, Bryan Brown wrote:

>       I've been lurking here for three weeks ever since I got snort 1.8.7
> configured and running on my system.  I believe that I have finally gotten
> snort running the way I want it to but I'm confused about the rules files.
> Specifically, are the rules files on www.snort.org ever updated.  This
> morning I downloaded the one from the web page and did a diff against the
> rules I originally grabbed.  The only differences reported were the ones I
> added to my own local.rules file.
>
>       Is there a source of updated rules for use with snort anywhere?  I
> looked through the archives and didn't see any mention of this.

The signatures are updated fairly often.  Once a new signature is written,
it's often added into the rules within hours.

You'll want: http://www.snort.org/dl/signatures/snortrules-stable.tar.gz

Grab that, move the rules to your snort rules dir--Watch out for the empty
local.rules that might overwrite your own--Add any rules you need to
snort.conf and then restart snort.  You'll also want to make sure the .conf
file with the rulesets is the same as the one with snort.  There may be
changes.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users