Snort mailing list archives

Re: [snort-users] About attribute replacement

From: Joel Esler <jesler () sourcefire com>
Date: Fri, 18 Oct 2013 08:05:26 -0700

Okay, let me start with the most basic of questions.  Why would you
want to convert Plain text rules to SO rules?

On Fri, Oct 18, 2013 at 1:38 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:

Hi All,

 I am using rule parsing engine to convert text rules into so rules.

 For DOS attack detection mechanism, there are having three attributes:

detection_filter
rate_filter
event_filter

These options are successful in text rules. but when I am parsing these
rules

from rules generator, it gives message "NO VALID RULES TO CONVERT".

Is there any alternative to above options so I can use them in shared object

rules??

Seeking for guidance,

Thanks !

--
Cheers,
Mayur.

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!




-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

[snort-users] About attribute replacement Mayur Patil (Oct 18)
- Re: [snort-users] About attribute replacement Joel Esler (Oct 18)
  - Re: [snort-users] About attribute replacement Mayur Patil (Oct 18)
    - Re: [snort-users] About attribute replacement Mayur Patil (Oct 19)
    - Re: [snort-users] About attribute replacement waldo kitty (Oct 19)