[Snort-users] Problem with Snort 2.0.4 and Snort Rules

Nigel Houghton nigel at ...1935...
Tue Nov 18 18:12:11 EST 2003

: Message: 3
: Date: Tue, 18 Nov 2003 14:22:59 -0500
: To: "Mark Ewert" <mewert at ...10516...>, <snort-users at lists.sourceforge.net>
: From: Matt Kettler <mkettler at ...4108...>
: Subject: Re: [Snort-users] Problem with Snort 2.0.4 and Snort Rules

: At 11:54 AM 11/18/2003, Mark Ewert wrote:

: >I'm having a strange problem with Snort 2.0.4 and the latest rules.
: When I
: >execute Snort I get the following messages in /var/log/messages.
: I'm
: >running Snort 2.0.4 with Phil Wood's Ring PCAP library. Anyone have
: any ideas?

: snortrules-current requires snort-current, not snort-2.0.4.

: "current" == "unstable development branch"

: "current" explicitly does not mean "current release version".. that's
: what "stable" means.

; Many other open source projects use this convention.. ie: debian,
:openbsd, freebsd, etc.

Just a nitpick here, but this is NOT true for FreeBSD. Many people get
confused with RELENG, STABLE and CURRENT for FreeBSD because it is NOT the
same as with other operating systems.

: Use the stable rules with 2.0.4, or just the rules that come with 2.0.4,
: but the "current" rules are never guaranteed to work with anything but
: the "current" version of snort, which is a development snapshot not a
: numbered release.

Please look at:


"Right now, CURRENT is stable. Please use CURRENT."

Nigel Houghton   Security Research Engineer   Sourcefire Inc.
                 Vulnerability Research Team

"Mankind hasn't even got the technology to create a toupee
that doesn't get big laughs." -- Lister

More information about the Snort-users mailing list