[Snort-users] New rule format

Burleson, Lee (IA) Lee.Burleson at ...1358...
Fri Mar 16 11:04:44 EST 2001


Greetings.

With the latest "RTM" of the ruleset, I had the pleasure of updating two
Snort installations.  I would just like to give a public "well done" to the
developers (and community), as the update was so easy and went off without a
hitch.  A quick file copy of *.rules and a compare of old-new snort.conf
meant that the updates were quite painless.

Way to go!

Loving the new format,

- Lee

> -----Original Message-----
> From: Andrew Betson [mailto:rew at ...1587...]
> Sent: Thursday, March 15, 2001 5:40 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Which rule!
> 
> 
> At 16:23 15/03/2001 -0700, you wrote:
> >Andrew,
> >Check rule #23 in the current info.rules file. (from todays update)
> 
> Thanks for the quick reply, didnt realise how much stull was 
> in info.rules!!
> still getting used to the new rules files layout :-)
> 
> Thx
> 
> Andrew
> 
> >----- Original Message -----
> >From: "Andrew Betson" <rew at ...1587...>
> >To: <snort-users at lists.sourceforge.net>
> >Sent: Thursday, March 15, 2001 4:14 PM
> >Subject: [Snort-users] Which rule!
> >
> >
> > > i get this logged a couple of times a minute from 
> different ip addresses,
> > > im not sure which rule is causing it
> > >
> > > Mar 15 23:06:04 reaper snort: ICMP Echo Request (Undefined Code!):
> > > them.x.x.x -> me.x.x.x
> > > Mar 15 23:06:05 reaper snort: ICMP Echo Reply: me.x.x.x 
> -> them.x.x.x
> > > but id really like to shut it off because its filling my 
> /var/log/snort
> > > pretty quick!!!
> > >
> > >
> > > Andrew
> > > \\\\\/////
> > >
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > http://lists.sourceforge.net/lists/listinfo/snort-users
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 




More information about the Snort-users mailing list