[Snort-users] When Upgrading Breaks Auto Rule Management

waldo kitty wkitty42 at ...14940...
Thu Apr 28 16:07:51 EDT 2011


On 4/28/2011 12:10, Eoin Miller wrote:
[TRIM]
> Then it occurred to me, go to the site and check if 2.9.0.5 rules are
> available yet for registered users and after reviewing that site and the
> SourceFire blog, it was clear that 30 days have not passed yet. Is it
> possible to get some kind of place holder to pull down the 2.9.0.4
> version of the rules until the 2.9.0.5 rules are available? Otherwise if
> users roll out a new sensor within the first 30 days of a new Snort
> version being released, their VRT auto rule updating will break until
> the 30 days has expired.

this is exactly the situation i brought up some months ago... if the 30 day 
2.9.0.5 rules are not available yet, there should be an automatic redirect to 
the previous available release...

one option that was implemented was to use a "special" snapshot name that would 
be handled in this manner... however i've found that this adds confusion and 
complexity as it is just one more thing to remember to manually change/adjust 
instead of being able to simply follow the current available instructions...




More information about the Snort-users mailing list