[Snort-users] Updating Rules?

John Creegan jcreegan at ...9729...
Thu Feb 12 13:34:19 EST 2004


When you say 'your own rule files', do you mean that you created your
own rules files, and that you are updating with oinkmaster?

If you are updating with oinkmaster, you can specify files to skip (not
update) by adding "skipfile" lines to your oinkmaster.conf file.

>>> Vines Scott D 2d Lt AFFTC/IT <Scott.Vines at ...11171...> 02/12/04
03:04PM >>>
While we're on the subject of updating rules:  I have customized my own
rule
files by disabling certain alerts within the files (but not turning off
the
entire rule set)...is there a graceful way to update rules without
having to
turn these off again?

-----Original Message-----
From: Dusty Hall [mailto:halljer at ...8709...] 
Sent: Thursday, February 12, 2004 12:17 PM
To: snort-users at lists.sourceforge.net 
Subject: [Snort-users] Updating Rules?


I'm curious about the process of updating Snort 2.1.0 (NOT 2.1.1 RC1)
rules.  Snort.org list the following for rule packages:

CURRENT - development is done here. Be careful if you use CURRENT
2_1 - the "stable" branch, where we do bug fixes for the currently
"shipping" snort. probably ok for production, might not be release
quality yet
2_0 - the "deprecated" branch, most definately release quality, but
not
really worked on, except for rule updates

Which should I use for 2.1.0?   Is 2.1.1 RC1 the "currently "shipping"
snort"?  Should I update? 

Thank goodness I don't use oinkmaster to autoupdate...

Thanks,


-Dusty



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click 
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users 


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click 
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient,
you should delete this message and are hereby notified that any 
disclosure,copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.





More information about the Snort-users mailing list