[Snort-users] Just FYI
agent33 at ...187...
Thu Mar 1 15:03:09 EST 2001
Has spo_database been altered to store the data from the reference field?
> -----Original Message-----
> From: Jim Forster [mailto:jforster at ...176...]
> Sent: Thursday, March 01, 2001 12:06 PM
> To: Snort Users
> Subject: [Snort-users] Just FYI
> The new 'clean' ruleset is up and ready for download. There
> have been some
> major changes to this set (many thanks to Brian Caswell) and
> it is a much
> cleaner, more accurate rulebase.
> <You will also find that the online database reflects the
> changes made to
> this release.>
> Changes include:
> 1) A modular ruleset design, so entire sets can be disabled
> with a simple
> comment in the snort.conf file.
> 2) Links to arachNIDS, CVE #'s, Bugtraq IDs, etc.. have been
> moved from the
> 'MSG' field to the 'reference' field. This will break
> SnortSnarf's HTML
> linking for the time being, but the Silicon Defense guys are
> aware of the
> changes and will be updating soon.
> 3) The snort.conf file has much more information in it to aid
> in configuring
> plugins and tweaking your setup. We also added more
> variables to the config
> definition, to make breaking out your mail/web servers much easier.
> 4) This file is built for Snort 1.7.0 and higher only, so be
> sure you're
> current before trying to use it.
> NOTE: It is recommended to move any local-network rules you
> have written
> into the local.rules file, especially if you have pass rules
> you need to
> keep... This 'local.rules' file is in the full download as a
> blank rule
> file, and will not be included after the initial release. -
> Hopefully people
> that must do intense editing for their local networks won't
> have such a
> nightmare doing updates from the Snort.org rulebase now. :)
> Jim Forster
> Network Administrator
> RapidNet / DakotaConnect
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
More information about the Snort-users