Snort mailing list archives
Re: Rule update with snortcenter
From: Atul Shrivastava <atul_iet () yahoo com>
Date: Sat, 9 Nov 2002 03:44:41 -0800 (PST)
Hi,

Ya, you are telling right. I am behind a proxy, but I have configured the proxy settings in the config.php in /var/www/html/snortcenter directory. I have defined the proxy path as:

$proxy = " ipaddress:port";

When I click on the view rules, then there are no rules in it. Also when I select the sensor in place of default sensor. As you are saying that it may be possible that there is no update for this time, but it is not so because there is no rule in the rule base. Now can you tell me, how can I get out from this.

Thanks in advance.

Regards,
Atul Shrivastava

Larc <larc () pandora be> wrote:

Hi,

When you install a new agent, you have to activate the rules that you want to use for that 'sensor scope' and then push the configuration to the sensor. If you get " No update this time " in the management console, that is because there are no changes in the snortrules-stable rules from the snort website or if you are behind a proxy server, you didn't enter the right proxy server in the 'config.php' file

Regards,
Stefan Dens

----- Original Message -----
From: Atul Shrivastava
To: Jens Krabbenhoeft ; snort-users () lists sourceforge net
Sent: Saturday, November 09, 2002 9:28 AM
Subject: Re: [Snort-users] Rule update with snortcenter

Hi,

When I have done a fresh installation of snort center agent and then click on the UPDATE from the Internet then it displays that " No update this time " while I am updating it for the first time. Also when I check the snort configuration file then there is no rule in it. Can anyone tell me the solution.

Thanks in advance.

Regards,
Atul Shrivastava

Jens Krabbenhoeft <tschenz-snort-users () noris net> wrote:

Michael,
Why Snortcenter doesn't recognize that there are rules more up to date on www.snort.org?
The way snortcenter checks for new signatures is as follows:

* a known signature has a known revision - if that revision increases, it says "rule has updated"
* if it finds an unknown sid, it says "rule added"

Apparently the snortrules-stable file has no new rules since 2002/10/31:
grep "\$Id" * | grep "2002/11"
grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $

There are new rules in cvs HEAD, which work with cvs HEAD only. These are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz file.

Hth,
jens
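
The sid/revision comparison described in the quoted message, as an added Python example (not SnortCenter's code and not part of the original messages). The rule sets, their local-range sids and the function names are constructed for illustration.

```python
import re

# Snort rule options used for the comparison: sid:<n>; and rev:<n>;
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

# Constructed rule sets (sids in the local range, not real Snort rules).
KNOWN = '''
alert tcp any any -> any 80 (msg:"constructed rule A"; content:"/a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed rule B"; content:"/b"; sid:1000002; rev:3;)
'''
DOWNLOADED = '''
# $Id: constructed header line, ignored by the parser $
alert tcp any any -> any 80 (msg:"constructed rule A"; content:"/a2"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"constructed rule B"; content:"/b"; sid:1000002; rev:3;)
alert tcp any any -> any 80 (msg:"constructed rule C"; content:"/c"; sid:1000003; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed, disabled"; sid:1000004; rev:1;)
'''

def index_rules(text):
    """Map sid -> rev for every active rule line in a rules file."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, comments and commented-out rules
        sid = SID_RE.search(line)
        if not sid:
            continue  # var/include lines or rules without a sid
        rev = REV_RE.search(line)
        # Assumption: a rule with no rev option is treated as revision 0.
        index[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return index

def compare(known, downloaded):
    """Unknown sid -> 'added'; known sid with a higher rev -> 'updated'."""
    added = sorted(s for s in downloaded if s not in known)
    updated = sorted(s for s in downloaded
                     if s in known and downloaded[s] > known[s])
    return {"added": added, "updated": updated}

if __name__ == "__main__":
    print(compare(index_rules(KNOWN), index_rules(DOWNLOADED)))
```

When both lists come back empty, nothing in the downloaded set is new or has a higher revision than what is already known.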