[Snort-users] update rules

Jim B elemint at ...11827...
Fri Mar 3 11:24:00 EST 2006


If my rule path is var RULE_PATH /etc/snort can I just then copy the
numbered rules into the /etc/snort directory and then the new rules will be
used?

What is strange is that the old rules are labeled with a descriptive name
but the new rules have the rule id as the filename.

Jim


On 3/2/06, Our World Is Here <info at ...2282...> wrote:
>
> 1.
> Review your snort.conf and ensure your rules are enabled and in the
> correct
> path as specified in this file.
>
> 2.
> How many rules are running with snort?
> Are they the rules you want?
>
> Etc.
> You may also want to review oinkmaster (...the leader in snort rules
> management).
>
> Cheers,
>
> James Friesen
>
> > -----Original Message-----
> > From: Jim B
> > Sent: Wednesday, March 01, 2006 7:50 PM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] update rules
> >
> > After I download the subscription required rules how to I
> > integrate them into my snort configuration,  I have a basic
> > snort config and the rules I have so far are what came with
> > the rpm that I used to install the program.
> >
> > Also how can I be sure that all of the rules are actually
> > being used by snort becuase I am only getting alerts specific to snmp.
> >
> >
> > Jim
> >
>
>
>
> _____
>
> avast! Antivirus <http://www.avast.com> : Outbound message clean.
>
>
> Virus Database (VPS): 0609-1, 03/01/2006
> Tested on: 3/2/2006 7:35:52 AM
> avast! - copyright (c) 1988-2005 ALWIL Software.
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060303/6d07eb2d/attachment.html>


More information about the Snort-users mailing list