[Snort-users] Rule update with snortcenter

Jens Krabbenhoeft tschenz-snort-users at ...7018...
Fri Nov 8 00:47:02 EST 2002


Michael,

> Why doesn't Snortcenter recognize that there are rules more up to date
> on www.snort.org?

The way snortcenter checks for new signatures is as follows:

* a known signature has a known revision - if that revision increases,
  it says "rule has updated"
* if it finds an unknown sid, it says "rule added"

Apparently the snortrules-stable file has no new rules since 2002/10/31:

> grep "\$Id" * | grep "2002/11"
> grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
> grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $

There are new rules in cvs HEAD, which work with cvs HEAD only. These
are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
file. 

Hth,
	jens
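
The check described in the message above, sketched as an added example (not SnortCenter's code and not part of the original post): it reads sid and rev from two rule sets and reports only a higher rev or an unknown sid. The rules are constructed samples, the function names are hypothetical, and skipping commented-out rules is an assumption.

```python
import re

CONTINUATION = re.compile(r"\\\r?\n")        # rule wrapped with a trailing backslash
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')    # quoted option values (msg, content, ...)
SID = re.compile(r"(?:^|;)\s*sid\s*:\s*(\d+)\s*;")
REV = re.compile(r"(?:^|;)\s*rev\s*:\s*(\d+)\s*;")

# Constructed sample rules, not taken from any real ruleset.
OLD_RULES = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE a"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE b"; content:"b\;c"; sid:1000002; rev:3;)
'''
NEW_RULES = r'''
alert tcp any any -> any 80 (msg:"EXAMPLE a"; content:"a2"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE b"; content:"b\;c"; sid:1000002; rev:3;)
alert tcp any any -> any 21 (msg:"EXAMPLE c"; \
    content:"c"; sid:1000003; rev:1;)
# alert tcp any any -> any 25 (msg:"EXAMPLE d"; sid:1000004; rev:1;)
'''

def parse_rules(text):
    """Return {sid: rev} for every enabled rule in the text of a rules file."""
    revisions = {}
    for line in CONTINUATION.sub(" ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line or ")" not in line:
            continue  # blank line, comment (assumed disabled) or not a rule
        # Blank out quoted values so "sid:" inside a msg or content is not matched.
        options = QUOTED.sub('""', line[line.index("(") + 1:line.rindex(")")])
        sid = SID.search(options)
        if sid is None:
            continue  # a rule without a sid cannot be tracked
        rev = REV.search(options)
        revisions[int(sid.group(1))] = int(rev.group(1)) if rev else 0
    return revisions

def compare(known, fetched):
    """Apply the two checks from the message: higher rev, or unknown sid."""
    report = {}
    for sid, rev in sorted(fetched.items()):
        if sid not in known:
            report[sid] = "rule added"
        elif rev > known[sid]:
            report[sid] = "rule has updated"
    return report

if __name__ == "__main__":
    for sid, status in compare(parse_rules(OLD_RULES), parse_rules(NEW_RULES)).items():
        print(sid, status)
```

A rule set whose sids and revs are all already known produces an empty report, which matches what was seen with the stable tarball.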



