[Snort-users] doc/signature files in Snort-2.9.0.5

Nigel Houghton nhoughton at ...1935...
Wed Apr 27 20:48:45 EDT 2011


On Wed, 27 Apr 2011 23:13:49 +0000, Zultan wrote:
> ----- Original Message -----
>> From: Nigel Houghton
>> Sent: 04/27/11 05:39 PM
>> To: Dheeraj Gupta
>> Subject: Re: [Snort-users] doc/signature files in Snort-2.9.0.5
>> 
>>  
>> On Wed, 27 Apr 2011 18:05:14 +0200, Dheeraj Gupta wrote: 
>>> Hi, 
>>> I have recently upgraded from Snort 2.8.6.1 to 2.9.0.5. Previously 
>>> snort installation had a directory 
>>> /snort_install_path/etc/doc/signatures (or something of that sort) 
>>> which listed .txt files for all the signatures giving details of the 
>>> signature like Affected Systems, Ease of Attack, References, False 
>>> Positives etc. However, in the 2.9.0.5 installation I could not find 
>>> those files. Have they been removed? I had written a program that 
>>> used information contained in those files to extract affected systems 
>>> information and verify the alerts. How should I source that 
>>> information from current snort installation 
>>> 
>>> Regards, 
>>> Dheeraj 
>> 
>> Yes. 
>> 
>> You can find them at: 
>> 
>>  http://www.snort.org/snort-rules/ 
>> 
>> Where it says "Rule Documentation" 
>> 
> 
> Is there a command line URL for that?
> "http://www.snort.org/downloads/885" is subject to change, it is not?
>  
> Z 


Apparently, I did have to do the mailing list search after all:

 http://marc.info/?l=snort-sigs&m=129139707320795&w=2

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/




More information about the Snort-users mailing list