Snort mailing list archives
Re: New rules keyword error
From: "Josh Berry" <josh.berry () linknet-solutions com>
Date: Thu, 23 Oct 2003 14:28:04 -0500 (CDT)
If you are not consistantly monitoring your IDS health, creating your own sigs that custom fit your environment, and weeding out the sigs you don't need then why even have IDS. IDS is not a solution that you plug in and walk away from. I completely agree with the last post, you shouldn't even bother if you don't plan on maintaining it. I spend at least 2 hours a day on IDS analysis and maintenance.
On Thu, 2003-10-23 at 08:57, Marc Quibell wrote:-I have always Auto-updated Snort. Period. Never had any problems.Oh really? You didn't run into problems during the 1.9/2.0 parallel? I remember that CVS all of the sudden contained rules with strange new keywords, and Snort barfed promptly. The solution was obviously to check out the correct tag and not rely on HEAD. Maybe you got lucky with tarballs, but I recall there being with those in the past as well.-I don't pay for this product, it's not a production show-stopper! So no one is going to fuss about it, or even notice it, if it's out of comminsion for 5 mins or 5 days!That may be, but that's only you. Don't assume the same for others.Now, why on Earth would I babysit this product? I can usually fix any problem with rules in a matter of seconds...Maybe I'm missing context, but IDS's need to be babysit. If you don't, there may be something wrong with the way to do IDS. No offense, just some food for thought.... Regards, Frank
------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New rules keyword error Marc Quibell (Oct 22)
- Re: New rules keyword error Erek Adams (Oct 22)
- <Possible follow-ups>
- Re: New rules keyword error Marc Quibell (Oct 22)
- Re: New rules keyword error Erek Adams (Oct 22)
- Re: New rules keyword error Marc Quibell (Oct 22)
- Re: New rules keyword error Marc Quibell (Oct 23)
- Re: New rules keyword error Frank Knobbe (Oct 23)
- Re: New rules keyword error Josh Berry (Oct 28)
- Re: New rules keyword error Frank Knobbe (Oct 23)
- Re: New rules keyword error John Creegan (Oct 23)
- Re: New rules keyword error Andreas Östling (Oct 23)
- Re: New rules keyword error Jason Haar (Oct 24)
- Re: New rules keyword error Chris Green (Oct 24)
- Re: New rules keyword error Andreas Östling (Oct 23)
- Re: New rules keyword error John Creegan (Oct 23)
- Re: New rules keyword error Jeff Nathan (Oct 25)
- Re: New rules keyword error Marc Quibell (Oct 24)
- Re: New rules keyword error Marc Quibell (Oct 24)
- Re: New rules keyword error Jeff Nathan (Oct 24)
- Re: New rules keyword error Marc Quibell (Oct 24)
(Thread continues...)