[Snort-users] Just FYI

Steve Halligan agent33 at ...187...
Thu Mar 1 15:03:09 EST 2001


question:
Has spo_database been altered to store the data from the reference field?

> -----Original Message-----
> From: Jim Forster [mailto:jforster at ...176...]
> Sent: Thursday, March 01, 2001 12:06 PM
> To: Snort Users
> Subject: [Snort-users] Just FYI
> 
> 
> The new 'clean' ruleset is up and ready for download.  There 
> have been some
> major changes to this set (many thanks to Brian Caswell) and 
> it is a much
> cleaner, more accurate rulebase.
> <You will also find that the online database reflects the 
> changes made to
> this release.>
> 
> Changes include:
> 1) A modular ruleset design, so entire sets can be disabled 
> with a simple
> comment in the snort.conf file.
> 2) Links to arachNIDS, CVE #'s, Bugtraq IDs, etc.. have been 
> moved from the
> 'MSG' field to the 'reference' field.  This will break 
> SnortSnarf's HTML
> linking for the time being, but the Silicon Defense guys are 
> aware of the
> changes and will be updating soon.
> 3) The snort.conf file has much more information in it to aid 
> in configuring
> plugins and tweaking your setup.  We also added more 
> variables to the config
> definition, to make breaking out your mail/web servers much easier.
> 4) This file is built for Snort 1.7.0 and higher only, so be 
> sure you're
> current before trying to use it.
> 
> NOTE: It is recommended to move any local-network rules you 
> have written
> into the local.rules file, especially if you have pass rules 
> you need to
> keep...  This 'local.rules' file is in the full download as a 
> blank rule
> file, and will not be included after the initial release. - 
> Hopefully people
> that must do intense editing for their local networks won't 
> have such a
> nightmare doing updates from the Snort.org rulebase now.  :)
> Thanks!
> 
> Jim Forster
> Network Administrator
> RapidNet / DakotaConnect
> --------------------------------------------
> http://www.snort.org
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 




More information about the Snort-users mailing list