Snort mailing list archives

Re: Rule update with snortcenter


From: Atul Shrivastava <atul_iet () yahoo com>
Date: Sat, 9 Nov 2002 03:44:41 -0800 (PST)


Hi,
Yes, you are right. I am behind a proxy, but I have configured the proxy settings in config.php in the
/var/www/html/snortcenter directory.
I have defined the proxy path as:
$proxy = " ipaddress:port";
When I click on View Rules, there are no rules in it. The same happens when I select the sensor in place of the default sensor.
You say it may be that there is no update at this time, but that is not so, because there is no rule
in the rule base.
Now can you tell me how I can get out of this?
Thanks in advance.
Regards,
           Atul Shrivastava
 
Larc <larc () pandora be> wrote:

Hi,
When you install a new agent, you have to activate the rules that you want to use
for that 'sensor scope' and then push the configuration to the sensor. If you get "No update this time" in the
management console, that is because there are no changes in the snortrules-stable rules from the snort website or if
you are behind a proxy server, you didn't enter the right proxy server in the 'config.php' file.
Regards,
Stefan Dens

----- Original Message -----
From: Atul Shrivastava
To: Jens Krabbenhoeft ; snort-users () lists sourceforge net
Sent: Saturday, November 09, 2002 9:28 AM
Subject: Re: [Snort-users] Rule update with snortcenter

Hi,
When I do a fresh installation of the snort center agent and then click on UPDATE from the Internet, it
displays "No update this time" while I am updating it for the first time.
Also, when I check the snort configuration file, there is no rule in it.
Can anyone tell me the solution?
Thanks in advance.
Regards, 
               Atul Shrivastava 

 Jens Krabbenhoeft <tschenz-snort-users () noris net> wrote: Michael,

Why Snortcenter doesn't recognize that there are rules more up to date
on www.snort.org?

The way snortcenter checks for new signatures is as follows:

* a known signature has a known revision - if that revision increases,
it says "rule has updated"
* if it finds an unknown sid, it says "rule added"

Apparently the snortrules-stable file has no new rules since 2002/10/31:

grep "\$Id" * | grep "2002/11"
grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $

There are new rules in cvs HEAD, which work with cvs HEAD only. These
are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
file.

Hth,
jens
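
The sid/revision comparison described in the message above, as an added example that is not part of the original thread and is not SnortCenter's own code. The function names, the sample rules and their sids are constructed for illustration, and treating a rule without `rev` as revision 0 is an assumption.

```python
import re

# Match the sid and rev options inside a rule's option block.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")


def index_rules(text):
    """Map sid -> rev for every active rule line in a rules file."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks, comments and commented-out rules
        sid = SID_RE.search(line)
        if sid is None:
            continue  # not a rule line (e.g. var or include)
        rev = REV_RE.search(line)
        # Assumption: a rule without rev counts as revision 0.
        index[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return index


def compare(known_text, new_text):
    """Return {sid: status} for rules that differ from the known set."""
    known, new = index_rules(known_text), index_rules(new_text)
    changes = {}
    for sid, rev in sorted(new.items()):
        if sid not in known:
            changes[sid] = "rule added"        # unknown sid
        elif rev > known[sid]:
            changes[sid] = "rule has updated"  # revision increased
    return changes


# Constructed sample rules (sids and messages are made up).
KNOWN = '''
# constructed sample: rule base already loaded
alert tcp any any -> any 80 (msg:"EXAMPLE one"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; content:"b"; sid:1000002; rev:3;)
# alert tcp any any -> any 80 (msg:"EXAMPLE off"; sid:1000009; rev:1;)
'''
NEW = '''
# constructed sample: downloaded rules file
alert tcp any any -> any 80 (msg:"EXAMPLE one"; content:"a"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE two"; content:"b"; sid:1000002; rev:3;)
alert tcp any any -> any 80 (msg:"EXAMPLE three"; content:"c"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    for sid, status in compare(KNOWN, NEW).items():
        print(sid, status)
```

Under this logic an empty known rule base makes every downloaded rule come back as "rule added", and an unchanged file produces no entries at all.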

