Re: Re: Rule update with snortcente

["larc" <larc () pandora be>]

ok, this is bad timing to import the snortrule.
If I surf to www.snort.org I get a connection time out.
I guese there is a problem on the internet or with the snort website at this time.

Stefan D.

------------------------
 Atul Shrivastava <atul_iet () yahoo com> wrote:
------------------------
Hi,
> Ya, you are telling right. I am behinf a proxy, but I have configured the proxy settings in the config.php in 
> /var/www/html/snortcenter directory.
> I have defined the proxy path as:
> $proxy = " ipaddress:port";
> When I click on the view rules, then there is no rules in it. Also when I select the sensor in place of default sensor.
> As you are saying that it may be possible that there is no update for this time, but is not so because there is no 
> rule in the rule base.
> Now can you tell me, how can I get out from this.
> Thanks in advance.
> Regards,
>           Atul Shrivastava
>
> Larc  wrote:Hi, When you install a new agent, you have to activate the rules that you want to use for that 'sensor 
> scope' and then push the configuration to the sensor. If you get " No update this time " in the management console, 
> that is because there are no changes in the snortrules-stable rules from the snort website or if you are behind a 
> proxy server, you didn't enter the right proxy server in the 'config.php' file Regards,Stefan Dens----- Original 
> Message ----- From: Atul Shrivastava To: Jens Krabbenhoeft ; snort-users () lists sourceforge net Sent: Saturday, 
> November 09, 2002 9:28 AMSubject: Re: [Snort-users] Rule update with snortcenter
>
> Hi, 
> When I have done a fresh installation of snort center agent and then click on the UPDATE from the Internet then it 
> displays that " No update this time " while I am updating it for the first time. 
> Also when I check the snort configuration file then there is no rule in it. 
> Can anyone tell me the solution. 
> Thanks in advance. 
> Regards, 
>               Atul Shrivastava 
>
> Jens Krabbenhoeft  wrote: Michael,
>
> > Why Snortcenter doesn't recognize that there are rules more up to date
> > on www.snort.org?
>
> The way snortcenter checks for new signatures is as follows:
>
> * a known signature has a known revision - if that revision increases,
> it says "rule has updated"
> * if it finds an unknown sid, it says "rule added"
>
> Apparently the snortrules-stable file has no new rules since 2002/10/31:
>
> > grep "\$Id" * | grep "2002/11"
> > grep "\$Id" * | grep "2002/10"
> policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
> > grep "\$Id" * | grep "2002/09"
> attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
> experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $
>
> There are new rules in cvs HEAD, which work with cvs HEAD only. These
> are al so in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
> file. 
>
> Hth,
> jens
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: See the NEW Palm 
> Tungsten T handheld. Power & Color in a compact size!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> ---------------------------------
> Do you Yahoo!?
> U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD
>
>
> ---------------------------------
> Do you Yahoo!?
> U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD
>
> Hi,
> Ya, you are telling right. I am behinf a proxy, but I have configured the proxy settings in the config.php in 
> /var/www/html/snortcenter directory.
> I have defined the proxy path as:
> $proxy = " ipaddress:port";
> When I click on the view rules, then there is no rules in it. Also when I select the sensor in place of default sensor.
> As you are saying that it may be possible that there is no update for this time, but is not so because there is no 
> rule in the rule base.
> Now can you tell me, how can I get out from this.
> Thanks in advance.
> Regards,
> Atul Shrivastava
>
> Larc &lt;larc () pandora be&gt; wrote:
>
>
>
>
> Hi,
>
> When you install a new agent, you have to activate the rules that you want to use for that 'sensor scope' and then 
> push the configuration to the sensor.
>
> If you get " No update this time " in the management console, that is because there are no changes in the 
> snortrules-stable rules from the snort website or if you are behind a proxy server, you didn't enter the right proxy 
> server in the 'config.php' file
>
> Regards,
> Stefan Dens
>
> ----- Original Message ----- 
> From: Atul Shrivastava 
> To: Jens Krabbenhoeft ; snort-users () lists sourceforge net 
> Sent: Saturday, November 09, 2002 9:28 AM
> Subject: Re: [Snort-users] Rule update with snortcenter
>
> Hi, 
> When I have done a fresh installation of snort center agent and then click on the UPDATE from the Internet then it 
> displays that " No update this time " while I am updating it for the first time. 
> Also when I check the snort configuration file then there is no rule in it. 
> Can anyone tell me the solution. 
> Thanks in advance. 
> Regards, 
> Atul Shrivastava 
>
> Jens Krabbenhoeft &lt;tschenz-snort-users () noris net&gt; wrote: 
> Michael,&gt; Why Snortcenter doesn't recognize that there are rules more up to date&gt; on www.snort.org?The way 
> snortcenter checks for new signatures is as follows:* a known signature has a known revision - if that revision 
> increases,it says "rule has updated"* if it finds an unknown sid, it says "rule added"Apparently the snortrules-stable 
> file has no new rules since 2002/10/31:&gt; grep "\$Id" * | grep "2002/11"&gt; grep "\$Id" * | grep 
> "2002/10"policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $&gt; grep "\$Id" * | grep 
> "2002/09"attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp 
> $experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $There are new rules in cvs HEAD, 
> which work with cvs HEAD only. Theseare al
>  so in the http://www.snort.org/dl/rules/snortrules-current.tar.gzfile. 
> Hth,jens-------------------------------------------------------This sf.net email is sponsored by: See the NEW Palm 
> Tungsten T handheld. Power &amp; Color in a compact 
> size!http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en_______________________________________________Snort-users
>  mailing listSnort-users@lists.sourceforge.netGo to this URL to change user options or 
> unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users list 
> archive:http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> Do you Yahoo!?U2 on LAUNCH - Exclusive medley &amp; videos from Greatest Hits CDDo you Yahoo!?
> U2 on LAUNCH - Exclusive medley & videos from Greatest Hits CD




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users