[Snort-users] Converting from 1.8.6 to 1.9 - Flow statements vs. Flags
Pacheco, Michael F.
MPacheco at ...6219...
Thu Jan 16 06:38:06 EST 2003
Upgraded successfully to 1.9 from 1.8.6 and have been running pretty
smoothly for a few weeks, running side by side, and I'm getting ready to
cut over the 1.9 instance to production. Now I have to start converting
some of my custom signatures to 1.9 format. Are there any hard and fast
rules in converting a rule that has a "flags:A+;" statement to a
"flow:to_server,established;" statement? I've been reading the docs and
there does not seem to be, but any comments from individuals who have
converted would be welcomed - any little things to watch for? problems,