Snort mailing list archives

Re: A few pulledpork questions


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 13 Aug 2013 11:57:44 -0600

On 2013-08-13 11:44, Y M wrote:
I will try to help as best I can.

To: snort-users () lists sourceforge net
Date: Tue, 13 Aug 2013 11:08:18 -0600
From: jlay () slave-tothe-box net
Subject: [Snort-users] A few pulledpork questions

Hey all,

First...seeing this when I run PP:

Generating Stub Rules....
An error occurred: WARNING: threshold.conf(26) threshold (standalone) is deprecated; use event_filter instead.

which is:
threshold gen_id 138, sig_id 1000, type limit, track by_src, count 1, seconds 60

From the readme.thresholding:
THRESHOLD EXAMPLES:
------------------
# Rule Threshold - Limit to logging 1 event per 60 seconds
threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60

Why is the error occurring? What can I do to troubleshoot this?


The "threshold" keyword is/will be deprecated. If you read the line right
above the table in section "2.4.2.1 Format" at
http://manual.snort.org/node19.html, it says that threshold will
be deprecated. Use event_filter instead. The table gives a good usage
explanation.


Thanks YM...I was confused about it and you cleared it up :)

James
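
The change discussed in this thread, as an added example that is not part of the original messages: a Python script that renames standalone threshold directives in a threshold.conf to event_filter and leaves the option list unchanged, since the Snort manual documents threshold as an alias of event_filter with the same options. The function name `migrate` and the sample file contents are constructed for illustration.

```python
import re
import sys

# Standalone "threshold" directive at the start of a line: either followed by
# gen_id on the same line, or by a backslash continuation. Commented-out lines
# and the in-rule "threshold:" option do not match.
STANDALONE = re.compile(r"^(\s*)threshold(?=\s+gen_id\b|\s*\\\s*$)")

# Constructed sample: the two directives quoted in the thread (one rewritten
# with a continuation), plus a commented-out line and a suppress line.
SAMPLE = """\
# Rule Threshold - Limit to logging 1 event per 60 seconds
threshold gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60
# threshold gen_id 1, sig_id 1851, type both, track by_dst, count 5, seconds 60
threshold \\
    gen_id 138, sig_id 1000, type limit, track by_src, count 1, seconds 60
suppress gen_id 138, sig_id 1000
"""


def migrate(text):
    """Rename standalone threshold directives to event_filter.

    Returns (new_text, changed), where changed lists 1-based line numbers.
    Options (gen_id, sig_id, type, track, count, seconds) are kept as written.
    """
    out, changed = [], []
    for lineno, line in enumerate(text.splitlines(keepends=True), 1):
        new = STANDALONE.sub(r"\1event_filter", line)
        if new != line:
            changed.append(lineno)
        out.append(new)
    return "".join(out), changed


if __name__ == "__main__":
    # With a path argument, convert that file; otherwise convert the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            src = fh.read()
    else:
        src = SAMPLE
    new_text, changed = migrate(src)
    sys.stdout.write(new_text)
    print(f"rewrote lines: {changed}", file=sys.stderr)
```

The converted text goes to stdout and the list of rewritten line numbers to stderr, so the result can be reviewed before it replaces the file PulledPork reads.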
