[Snort-users] Rulesets

Jim Burwell jimb at ...6373...
Thu Jul 18 20:29:02 EDT 2002

I had to do a double take the first time I went to get new rulesets, my 
mouse hovering over 'current' file.  "Oh.  The 'current' file is for the 
devel version.  OK."

Perhaps 'snortrules-devel.tar.gz' would be a more appropriate name for 
this file, seeing most other software out there on the net uses 
'current' in the filename to refer to the most recent stable release, 
not the development release.

Sure, it says right there on the page which is the correct file to get, 
but anything which results in fewer questions asked and less general 
confusion is good, eh?

- Jim

Erek Adams wrote:

>On Thu, 18 Jul 2002, Brandon Harms wrote:
>>I am using RedHat 7.2 with mysql support. I got snort working except it
>>seems to be having problems with the rulesets. It doesn't like the word
>>"flow" in the rules. It will give an error message:
>>"scan.rules => Unknown keyword "flow" in rule!". It does it for all the
>>rules containing the word. Any ideas?
>You're using the wrong ruleset.
>	http://www.snort.org/dl/signatures/snortrules.tar.gz  is for 1.8.7
>	http://www.snort.org/dl/signatures/snortrules-current.tar.gz is for
>the 'development version' (1.9).
>Erek Adams
