[Snort-sigs] threshold --> detection_filter

Todd Wease twease at ...435...
Fri Sep 18 14:38:03 EDT 2009


That shouldn't keep snort from starting up - it is only a warning.  The
use of "threshold" is deprecated but should still work as expected. 
What is the actual fatal error message you are getting?


Jason Wallace wrote:
> OK, I guess I'll be the first one to ask...
>
> After my new install of snort-2.8.5 failed to start with...
>
> Warning: /etc/snort/rules/vrt/dns.rules(59) => threshold (in rule) is
> deprecated; use detection_filter instead.
>
> And then reading...
>
> README.filters
>
> It looks to me like I need to replace...
>
> "threshold:type limit,"
> "threshold: type threshold,"
> "threshold: type both,"
>
> with... "detection_filter:" in all the rules that use a threshold.
>
> Q1)
> Is that an accurate statement of what I need to do with these rules?
>
> Q2)
> When will snortrules-snapshot-CURRENT.tar.gz for registered users be
> updated with these changes?
>
> Q3)
> Shouldn't that have been done prior to/at the time of the release of 2.8.5?
>
> thx,
> Wally

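An added example (not part of the original thread and not code from the Snort project): a small Python audit that lists the active rules in a rules file still carrying the in-rule `threshold` option named in the warning quoted above, reported in the same `file(line)` form. The sample rules, their sids and the file name `sample.rules` are constructed, and the parser assumes one rule per line.

```python
from collections import Counter

# Constructed sample rules (not from the VRT rule set); the sids are placeholders.
SAMPLE_RULES = """\
# constructed sample file
alert udp any any -> any 53 (msg:"constructed A"; content:"|00 01|"; threshold:type limit, track by_src, count 1, seconds 60; sid:1000001; rev:1;)
alert tcp any any -> any 22 (msg:"constructed B"; flags:S; threshold: type both, track by_dst, count 5, seconds 30; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed C"; detection_filter:track by_src, count 30, seconds 60; sid:1000003; rev:1;)
# alert tcp any any -> any 25 (msg:"disabled"; threshold:type threshold, track by_src, count 3, seconds 10; sid:1000004;)
alert tcp any any -> any 21 (msg:"constructed D mentions threshold: type limit"; sid:1000005; rev:1;)
"""


def split_options(body):
    """Split a rule's option body on ';', ignoring ';' inside quoted strings."""
    opts, cur, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False          # character after a backslash is taken literally
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return [o for o in opts if o]


def find_in_rule_thresholds(text, filename):
    """Return one record per active single-line rule with an in-rule threshold option."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line:
            continue                 # skip blanks, comments and disabled rules
        body = line.split("(", 1)[1].rsplit(")", 1)[0]
        opts = {}
        for opt in split_options(body):
            key, _, val = opt.partition(":")
            opts.setdefault(key.strip().lower(), val.strip())
        if "threshold" not in opts:
            continue
        # "type limit, track by_src, count 1, seconds 60" -> {"type": "limit", ...}
        args = dict(p.split(None, 1) for p in opts["threshold"].split(",") if len(p.split()) == 2)
        hits.append({"where": f"{filename}({lineno})", "sid": opts.get("sid"), **args})
    return hits


if __name__ == "__main__":
    found = find_in_rule_thresholds(SAMPLE_RULES, "sample.rules")
    for h in found:
        print(h["where"], "sid", h["sid"], "type", h.get("type"), "track", h.get("track"))
    print(Counter(h.get("type") for h in found))
```

Because options are split on unquoted `;` before matching, a `msg` that merely mentions "threshold:" is not reported, and commented-out rules are skipped.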