[Snort-users] AW: (Snort-users) snort 1.8.1 and vision18.rules and mysql

sandro.poppi at ...3316... sandro.poppi at ...3316...
Tue Sep 4 00:36:02 EDT 2001


I found the solution on whitehats snort forum: Just copy and paste the
classification lines out of vision18.conf (I only took a look at vision18.rules
>8) to classification.config, restart snort and that's it.

Anyway thanx for the help!
Ciao,
Sandro

> -----Ursprüngliche Nachricht-----
> Von: "Jeff Dell" <jdell at ...1095...> at Internet
> Gesendet: Montag, 3. September 2001 10:29
> An: Poppi, Sandro; <snort-users at lists.sourceforge.net> at Internet
> Betreff: RE: [Snort-users] snort 1.8.1 and vision18.rules and mysql
>
>
> The problem that you are having with the first issues is that you are
> trying to use classifications from both rule sets. Unfortuneatly they
> are not using the same classifications and priority settings.
>
> I wrote a Windows 2000 application that merges the two rule sets
> together and cleans up some of the differences between them. It is
> called IDS Policy Manager and you can download it at
www.activeworx.com.
If you start out with the official rule set, this app makes it easy to
merge in new official rules and new whitehat rules when they come out.

Jeff

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Poppi,
Sandro
Sent: Monday, September 03, 2001 10:03 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] snort 1.8.1 and vision18.rules and mysql


I updated from snort 1.7 to 1.8.1 and am using vision18.rules from
www.whitehats.com. When starting snort I get weird errors saying "Bad
priority setting ..." over and over for vision18.rules. Disabling it in
snort.conf resolves this but I would like to use them. Any hints?

A second prob I have is with mysql: Since I'm no database guru I don't
know how to upgrade the existing snort 1.7 database to 1.8.1 using the
create_mysql. Running it on the existing db gives me error messages
about existing tables (which is ok I know). Did anyone on the list
already upgrade the db and could send me how?

TIA

Regards,
Sandro Poppi


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list