[Snort-users] Rulesets

Jim Burwell jimb at ...6373...
Thu Jul 18 20:29:02 EDT 2002


I had to do a double take the first time I went to get new rulesets, my 
mouse hovering over 'current' file.  "Oh.  the 'current' file is for the 
devel version.  OK."

Perhaps 'snortrules-devel.tar.gz' would be a more appropriate name for 
this file, seeing most other software out there on the net uses 
'current' in the filename to refer to the most recent stable release, 
not the development release.

Sure, it says right there on the page which is the correct file to get, 
but anything which results in fewer questions asked and general 
confusion is good, eh ?

- Jim

Erek Adams wrote:

>On Thu, 18 Jul 2002, Brandon Harms wrote:
>
>>I am using RedHat 7.2 with mysql support. I got snort working except it
>>seems to be having problems with the rulesets. It doesn't like the word
>>"flow" in the rules. It will give an error message:
>>"scan.rules => Unknown keyword "flow" in rule!". It does it for all the
>>rules containing the word. Any ideas?
>>
>
>You're using the wrong ruleset.
>
>	http://www.snort.org/dl/signatures/snortrules.tar.gz  is for 1.8.7
>
>	http://www.snort.org/dl/signatures/snortrules-current.tar.gz is for
>the 'development version' (1.9).
>
>Cheers.
>
>-----
>Erek Adams
>Nifty-Type-Guy
>TheAdamsFamily.Net
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

-- 
+---------------------------------------------------------------------+
|    Jim Burwell - Sr. Systems/Network Admin., Broadvision, Inc.      |
+---------------------------------------------------------------------+
| "I never let my schooling get in the way of my education"-Mark Twain|
| "UNIX was never designed to keep people from doing stupid things,   |
| because that policy would also keep them from doing clever things." |
| "Cool is only three letters away from Fool" - Mike Muir, Suicyco    |
| "..Government in its best state is but a necessary evil; in its     |
| worst state an intolerable one.."-Thomas Paine,"Common Sense"(1776) |
+---------------------------------------------------------------------+
|    Email:  jimb at ...6373...               ICQ UIN:  1695089     |
|             Voice:  650-261-5175  Fax:  650-261-5900                |
+---------------------------------------------------------------------+


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020718/048d1cd9/attachment.html>


More information about the Snort-users mailing list