[Snort-sigs] threshold --> detection_filter

Jason Wallace jason.r.wallace at ...2420...
Fri Sep 18 12:51:09 EDT 2009


OK, I guess I'll be the first one to ask...

After my new install of snort-2.8.5 failed to start with...

Warning: /etc/snort/rules/vrt/dns.rules(59) => threshold (in rule) is
deprecated; use detection_filter instead.

And then reading...

README.filters

It looks to me like I need to replace...

"threshold:type limit,"
"threshold: type threshold,"
"threshold: type both,"

with... "detection_filter:" in all the rules that use a threshold.

Q1)
Is that an accurate statement of what I need to do with these rules?

Q2)
When will snortrules-snapshot-CURRENT.tar.gz for registered users be
updated with these changes?

Q3)
Shouldn't that have been done prior to/at the time of the release of 2.8.5?

thx,
Wally
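
Added example, not part of the original post: a small audit script that lists which rules in a rules file still carry the in-rule `threshold:` option named in the 2.8.5 warning, with the type and parameters of each, so they can be reviewed one by one. The function names and sample rules are constructed for illustration, and it assumes one rule per line (no backslash continuations).

```python
import re

# Quoted strings (msg, content, pcre) are blanked so text inside them is ignored.
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
# An in-rule "threshold:" option, up to its terminating semicolon.
THRESHOLD_RE = re.compile(r'\bthreshold\s*:\s*([^;]*);')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

SAMPLE_RULES = r'''
# constructed sample rules, not taken from any real ruleset
alert udp any any -> any 53 (msg:"EXAMPLE threshold: in msg only"; content:"|00 01|"; sid:1000001; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE limit"; threshold:type limit, track by_src, count 1, seconds 60; sid:1000002; rev:1;)
alert tcp any any -> any 22 (msg:"EXAMPLE both"; threshold: type both, track by_dst, count 5, seconds 30; sid:1000003; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; threshold: type threshold, track by_src, count 10, seconds 10; sid:1000004;)
alert tcp any any -> any 80 (msg:"EXAMPLE filter"; detection_filter: track by_src, count 10, seconds 10; sid:1000005; rev:1;)
'''

def parse_threshold_args(arg_text):
    """Turn 'type limit, track by_src, count 1, seconds 60' into a dict."""
    args = {}
    for part in arg_text.split(','):
        tokens = part.split()
        if len(tokens) == 2:
            args[tokens[0].lower()] = tokens[1]
    return args

def find_in_rule_thresholds(rules_text):
    """Return one dict per enabled rule that uses an in-rule threshold option."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # skip blank lines and commented-out rules
        bare = QUOTED_RE.sub('""', stripped)
        match = THRESHOLD_RE.search(bare)
        if not match:
            continue
        sid = SID_RE.search(bare)
        findings.append({'line': lineno, 'sid': sid.group(1) if sid else None,
                         **parse_threshold_args(match.group(1))})
    return findings

if __name__ == '__main__':
    for finding in find_in_rule_thresholds(SAMPLE_RULES):
        print(finding)
```
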
