Snort mailing list archives

Re: (no subject)


From: Alan Ptak <alan.ptak () gmail com>
Date: Wed, 2 Mar 2011 21:06:27 -0800

The rule parsing in Snort was improved a few months back to make Snort users and rule-writers aware of deprecated 
options like "threshold." The preferred way to get that functionality is the "detection_filter" option. 

This is just a warning; the rule will work as expected. 

The fix is to update the rule to use detection_filter instead of threshold. 


On Mar 2, 2011, at 7:52 PM, sasa susmanto wrote:

I have run snort with the options below:
snort -i3 -s -l c:\snort\log -c c:\snort\etc\snort.conf -T


I see a warning on the screen:
WARNING C:\Snort\rules/backdoor.rules<607> threshold <in rule> is deprecated;use detection_filter instead



What does it mean?

How can I fix it?

Thanks for your help.


sasa



------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Alan Ptak
V: 310.488.8606
E: alan.ptak () gmail com
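
An audit pass for the deprecation discussed in this thread, as an added example that is not part of either message or of Snort itself: it finds active rules that still carry an in-rule threshold option and proposes the detection_filter form with the same track, count and seconds. The sample rules and the function names are constructed for illustration.

```python
import re

# In-rule "threshold" option: an option keyword preceded by "(" or ";".
THRESHOLD_RE = re.compile(r'([;(]\s*)threshold\s*:\s*([^;]*);')
SID_RE = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')

# Constructed sample rules, not taken from backdoor.rules.
SAMPLE = '''# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HOME_NET 12345 (msg:"EXAMPLE constructed rule A"; flow:to_server,established; content:"ping"; threshold: type threshold, track by_src, count 5, seconds 60; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; threshold: type limit, track by_dst, count 1, seconds 30; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"EXAMPLE constructed rule B"; content:"login"; sid:1000003; rev:1;)
'''


def parse_args(arg_text):
    """Turn 'type limit, track by_src, count 1, seconds 60' into a dict."""
    args = {}
    for part in arg_text.split(','):
        fields = part.split()
        if len(fields) == 2:
            args[fields[0].lower()] = fields[1]
    return args


def audit_rules(text):
    """Return one finding per active rule that still uses in-rule threshold."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith('#'):
            continue  # comment or disabled rule: Snort does not parse it
        m = THRESHOLD_RE.search(line)
        if not m:
            continue
        args = parse_args(m.group(2))
        proposed = None
        if all(k in args for k in ('track', 'count', 'seconds')):
            # detection_filter takes track/count/seconds and has no "type"
            # field, so the old type is reported for the rule-writer to review.
            opt = 'detection_filter: track {track}, count {count}, seconds {seconds};'.format(**args)
            proposed = THRESHOLD_RE.sub(lambda mm: mm.group(1) + opt, line, count=1)
        sid = SID_RE.search(line)
        findings.append({'line': lineno, 'sid': int(sid.group(1)) if sid else None,
                         'old_type': args.get('type'), 'proposed': proposed})
    return findings


if __name__ == '__main__':
    for finding in audit_rules(SAMPLE):
        print(finding)
```

After editing the rules, rerunning Snort with `-T` as in the original command shows whether the warning is gone.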

