[Snort-users] Newbie question on signatures

Erek Adams erek at ...577...
Mon Sep 30 16:12:05 EDT 2002

On Mon, 30 Sep 2002, Bryan Brown wrote:

> 	I've been lurking here for three weeks ever since I got snort 1.8.7
> configured and running on my system.  I believe that I have finally gotten
> snort running the way I want it to but I'm confused about the rules files.
> Specifically, are the rules files on www.snort.org ever updated.  This
> morning I downloaded the one from the web page and did a diff against the
> rules I originally grabbed.  The only differences reported were the ones I
> added to my own local.rules file.
> 	Is there a source of updated rules for use with snort anywhere?  I
> looked through the archives and didn't see any mention of this.

The signatures are updated fairly often.  Once a new signature is written,
it's often added into the rules within hours.

You'll want: http://www.snort.org/dl/signatures/snortrules-stable.tar.gz

Grab that, move the rules to your snort rules dir--Watch out for the empty
local.rules that might overwrite your own--Add any rules you need to
snort.conf and then restart snort.  You'll also want to make sure the .conf
file with the rulesets is the same as the one with snort.  There may be

Hope that helps!

Erek Adams

More information about the Snort-users mailing list