Re: utoh... 2.8.6.1 is out but what about the rules files??

[waldo kitty <wkitty42 () windstream net>]

On 7/25/2010 17:13, Joel Esler wrote:
> On Jul 25, 2010, at 3:37 PM, waldo kitty wrote:
> > On 7/25/2010 14:39, Nigel Houghton wrote:
> > > You're still not telling us what's not working. Which link are you
> > > attempting to use? Are you trying to download Registered or Subscriber
> > > rule packs?
> >
> > my bad... i can't get to the data right now but IIRC, it was the registered user
> > rules... let me see if i can get that data and find out some more information...
> > it may very well be more ongoing confusing with the new url formats...
> I am guessing that since the 2861 rules just came out, that the registered user people have to wait 30 days.

that's probably a good guess... however, as we can see, it causes problems and, 
ideally, i current copy of the latest registered user rules for that version 
should be created so that this kind of thing doesn't happen and "we", inclusive, 
don't get flooded with complaints like this ;)

> > the ones they should be using for snort 2.8.6.1 with oinkmaster are
> >
> > http://www.snort.org/pub-bin/oinkmaster.cgi/*OINKCODE*/snortrules-snapshot-2861.tar.gz
> >
> > OR (for paying vrt subscribers)
> >
> > http://www.snort.org/pub-bin/oinkmaster.cgi/*OINKCODE*/snortrules-snapshot-2861_s.tar.gz
>
> No.

FWIW: these two formats are the ones that i've complained about not being 
depicted in the blog and other places where the two new format examples are 
given... i can only assume that one of those examples, the one with 2.8.6 as the 
version, were given so as to demonstrate the trailing zero padding necessary... 
but none of them discuss or show that the oinkmaster users need not change 
anything... in fact, several posts alert oinkmaster users to make changes that 
won't/don't work :?

> > speaking of which, can you say if the above old oinkmaster format with the "_s"
> > after the version number still works? i have no way to test it (currently) and
> > have not found anyone who it s paying vrt subscriber that uses our environment
> > who is willing to test this code... i'm sure they'll start popping out of the
> > woodwork when it is released and fails, though :? :(
>
> You don't need the _s anymore at all.  Sourcefire takes care of who is subscriber and who is registered on our side, 
> just by looking at your oinkcode.

ok... you and i had exchanged emails on this but i never heard back from you on 
the last exchange where you asked me to specifically test this... i will make 
the necessary adjustments to the code we are using and pass this info on to 
others on the non-FOSS side of the fence so that they are aware of it...

thank you! :)

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users