[Snort-users] Snort rules touble.
mkettler at ...4108...
Fri Jun 21 12:31:03 EDT 2002
Yes, it's also why snortrules.tar.gz contains a snort.conf, so that you
can look at it for new things you need to include :)
I'd first get things up and running using the supplied rules.
If you then want to try using snortrules.tar.gz, try it, but be aware of
the pitfalls involved in assuming you can just use new .rules files with an
older.conf file ;)
At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:
>I understand now.
>The rules supplied separately have variables supplied for the ports.
>The rules supplied with the distribution have them staticly entered.
>Thanks a lot!
> >-----Original Message-----
> >From: Slighter, Tim [mailto:tslighter at ...5174...]
> >Sent: Friday, June 21, 2002 2:36 PM
> >To: 'Jason Gauthier'; snort-users at lists.sourceforge.net
> >Subject: RE: [Snort-users] Snort rules touble.
> >Just like Matt Kettler said, and pretty sure he is right. You need to
> >stick with the rules that come with the 1.86 build and NOT use the
More information about the Snort-users