[Snort-users] Snort Rules Update BROKE

CunningPike cunningpike at ...11827...
Mon Apr 12 15:52:17 EDT 2010


On Mon, Apr 12, 2010 at 10:37 AM, Joel Esler <joel.esler at ...14399...> wrote:
> Billy,
>
> Detection_filter is a keyword for 2.8.5.
>
> If you are using the up to date Snort rules, you need to use the up to
> date version of Snort.
>
> --
> Joel Esler
> Sent from my iPhone
>
> On Apr 12, 2010, at 12:03 PM, Billy Marshall
> <Billy.Marshall at ...9988...> wrote:
>
>> Hi all,
>> How long are the snort rule updates for 2.8.4.1 going to be broke?
>> I noticed it mentioned March 16th
>>
>> ERROR: Warning: /etc/snort/rules/dns.rules(59) => Unknown keyword '
>> detection_filter' in rule!
>> I understand there are many more.
>>

In the meantime, you could try this oinkmaster config:

modifysid * "detection_filter:" | "threshold:type both,"

CP
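
To preview what the modifysid line above would change before letting oinkmaster rewrite a ruleset, here is an added example (not part of the original message and not oinkmaster code). It applies the same search and replace strings to rule text and lists the affected SIDs; the sample rules are constructed, `preview` is a hypothetical helper, and skipping commented-out lines is an assumption of this sketch.

```python
import re

# The two quoted strings from the modifysid line in the message above.
SEARCH = re.compile(r"detection_filter:")
REPLACE = "threshold:type both,"
SID = re.compile(r"\bsid:\s*(\d+)\s*;")

# Constructed sample rules, not taken from any real ruleset.
SAMPLE_RULES = """\
# constructed sample rules
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE dns burst"; content:"|00 01|"; detection_filter:track by_src, count 30, seconds 60; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh burst"; flags:S; threshold:type limit, track by_src, count 1, seconds 60; detection_filter:track by_src, count 5, seconds 10; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE plain"; content:"GET"; sid:1000003; rev:1;)
"""


def preview(rules_text):
    """Return (rewritten_text, changed_sids, review_sids) for a rules file."""
    out, changed, review = [], [], []
    for line in rules_text.splitlines():
        stripped = line.strip()
        # Assumption of this sketch: blank and commented-out lines are left alone.
        if not stripped or stripped.startswith("#"):
            out.append(line)
            continue
        new_line, hits = SEARCH.subn(REPLACE, line)
        if hits:
            match = SID.search(line)
            sid = int(match.group(1)) if match else None
            changed.append(sid)
            # The rule had its own threshold already, so it now carries two:
            # flag it for manual review instead of loading it blindly.
            if len(re.findall(r"\bthreshold:", new_line)) > 1:
                review.append(sid)
        out.append(new_line)
    return "\n".join(out) + "\n", changed, review


if __name__ == "__main__":
    text, changed, review = preview(SAMPLE_RULES)
    print("rewritten SIDs:", changed)
    print("SIDs needing manual review:", review)
    print(text, end="")
```

The rewritten rules load on the older engine but do not alert identically: `threshold:type both` alerts once per interval after the count is reached, while `detection_filter` lets every matching packet alert once the rate is exceeded.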



