[Snort-sigs] Adding Changing Snort Rules

Matt btc1 at ...608...
Fri Jun 7 03:07:04 EDT 2002


Hello, I was wondering if there is a down and dirty "howto" on
adding/changing new rules?
I have been using snort for a little over a month and would like to start
tweaking my rules a little. I have noticed some nice rules come thru here
that I think would be nice to try out on my home system (winxp/snort1.8.6)
and have struggled with an efficient way to go about adding/changing rules.
I end up taking two steps forward and ten steps back, it seems, and would like
to know if there is a better way?
Also, I was wondering if there is a difference between rulesets for Linux
platforms versus Windows platforms? I can't seem to run any rule that has
this (flow:to_server) in it and was wondering if it was for some other type
of platform?


I appreciate your comments and feedback

Sincere Thanks

Matthew S Barnes





