[Snort-users] Snort rules touble.

Matt Kettler mkettler at ...4108...
Fri Jun 21 12:31:03 EDT 2002

Yes, it's also why snortrules.tar.gz contains a snort.conf,  so that you 
can look at it for new things you need to include :)

I'd first get things up and running using the supplied rules.

If you then want to try using snortrules.tar.gz, try it, but be aware of 
the pitfalls involved in assuming you can just use new .rules files with an 
older.conf file ;)

At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:
>I understand now.
>The rules supplied separately have variables supplied for the ports.
>The rules supplied with the distribution have them staticly entered.
>Thanks a lot!
> >-----Original Message-----
> >From: Slighter, Tim [mailto:tslighter at ...5174...]
> >Sent: Friday, June 21, 2002 2:36 PM
> >To: 'Jason Gauthier'; snort-users at lists.sourceforge.net
> >Subject: RE: [Snort-users] Snort rules touble.
> >
> >
> >Just like Matt Kettler said,  and pretty sure he is right.  You need to
> >stick with the rules that come with the 1.86 build and NOT use the
> >snortrules.tar.gz

More information about the Snort-users mailing list