Re: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2)

["M. Morgan" <mikemorgan () mindspring com>]

FYI:
To edit the configuration of Snortcenter so it reflects the new URL for 
update downloads. Note that this is on Sentinix Linux but the config should be the same in all <current> releases of 
Snortcenter.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ URL to update Snort rules / sentinix uses snort ver. 2.0.4 /      ~
~ manually update the "/usr/local/snort/snortcenter/config.php" file to
reflect the new URL~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ Use PICO/VIM to edit config.php ~

The "old" URL in snortcenter for rules updates is:

http://www.snort.org/dl/signatures/snortrules-stable.tar.gz



The "new" URL for snort rules updates is: (if your running snort 2.0)

http://www.snort.org/dl/rules/snortrules-snapshot-2_0.tar.gz

cheers,
michael

-----Original Message-----
From: Jason <security () brvenik com>
Sent: May 4, 2004 4:40 PM
To: "Vogle, Brian" <Brian.Vogle () magellanlp com>
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2)

I can confirm that the rules work with 2.1.1, 2.1.2, and 2.1.3RC1. Just 
tested the current ruleset with each and the engine does not complain...

Vogle, Brian wrote:

> Can we get an official confirmation on this?
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of McCash,
> John
> Sent: Tuesday, May 04, 2004 12:18 PM
> To: snort-users () lists sourceforge net
> Subject: RE: [Snort-users] Snort Rule Downloading - Working now!
> (NOT!!!) (update use -CURRENT for 2.1.2)
>
>
> Guys,
>       I now have to stand corrected. It seems (according to email I
> received from Brian Casewell) that the updates that I was looking
> (LSASS, etc) for don't work on 2.1.0 and before, and if you're running
> 2.1.2 or above, you're supposed to use the -CURRENT updates. It'd be
> nice if the download page said that rather than to use the -2_1 rules
> for 2.1.*.
>               John
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE. 
> http://ads.osdn.com/?ad_id149&alloc_id?66&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users