[Snort-devel] Snort FAQ 3.15: snortpp

Jan Ploski jpljpl at ...578...
Tue Oct 22 06:31:05 EDT 2002


Hello,

I am reading the FAQ:

> 3.15
>
> Q: Where does one obtain new/modifed rules? How do you merge them in?
> 
> A: New rules can be downloaded via CVS (See 3.16) or alternatively may
> be found at www.snort.org. There is a mailing list dedicated to snort
> rules, called snort-sigs hosted at sourceforge. To merge in new rules
> check out the snortpp program in the snort/contrib directory in the
> snort source archive.

I am looking into snort/contrib of the 1.9.0 release and notice:

1. snortpp.c is there
2. It is not described in the README (other programs are).
3. It is not documented in the source code.
4. It includes a file "splay.c", which is not part of the release.

My conclusion: this program is probably outdated. It should be either
removed and not mentioned at all in the FAQ or the answer should point
to information about how to actually compile and use this utility,
otherwise it's waste of time.

Best regards -
Jan Ploski





More information about the Snort-devel mailing list