[Snort-users] Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2)

M. Morgan mikemorgan at ...468...
Wed May 5 06:37:05 EDT 2004


FYI:
To edit the configuration of Snortcenter so it reflects the new URL for 
update downloads. Note that this is on Sentinix Linux but the config should be the same in all <current> releases of Snortcenter.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ URL to update Snort rules / sentinix uses snort ver. 2.0.4 /      ~
~ manually update the "/usr/local/snort/snortcenter/config.php" file to
reflect the new URL~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ Use PICO/VIM to edit config.php ~

The "old" URL in snortcenter for rules updates is:

http://www.snort.org/dl/signatures/snortrules-stable.tar.gz



The "new" URL for snort rules updates is: (if your running snort 2.0)

http://www.snort.org/dl/rules/snortrules-snapshot-2_0.tar.gz

cheers,
michael

-----Original Message-----
From: Jason <security at ...5028...>
Sent: May 4, 2004 4:40 PM
To: "Vogle, Brian" <Brian.Vogle at ...11483...>
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2)

I can confirm that the rules work with 2.1.1, 2.1.2, and 2.1.3RC1. Just 
tested the current ruleset with each and the engine does not complain...

Vogle, Brian wrote:

> Can we get an official confirmation on this?
> 
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of McCash,
> John
> Sent: Tuesday, May 04, 2004 12:18 PM
> To: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Snort Rule Downloading - Working now!
> (NOT!!!) (update use -CURRENT for 2.1.2)
> 
> 
> Guys,
> 	I now have to stand corrected. It seems (according to email I
> received from Brian Casewell) that the updates that I was looking
> (LSASS, etc) for don't work on 2.1.0 and before, and if you're running
> 2.1.2 or above, you're supposed to use the -CURRENT updates. It'd be
> nice if the download page said that rather than to use the -2_1 rules
> for 2.1.*.
> 		John
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE. 
> http://ads.osdn.com/?ad_id149&alloc_id?66&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> 



-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list