[Snort-users] Rules with SDF options cannot have other detection options in the same rule

Joel Esler jesler at ...1935...
Tue Feb 1 15:00:10 EST 2011


On Feb 1, 2011, at 2:35 PM, Michael Scheidell wrote:
> On 2/1/11 1:56 PM, Joel Esler wrote:
>> 
>> That's not right.  I'll bug this on our side for our developers to take a look.  
>> Joel
>> 
> Would you consider it a bug to fail on a signal 30, if system build with targetbased, and doesn't have a targets.xml file?
> 
> You might ask, why send a signal 30 to reload the targets.xml file if you don't have system compiled with --enable-targetbased?
> 
> (freebsd sends a signal 30 is you send it a SIGUSR1)
> 
> I might ask, if --enable-targetbased is NOT specified, why include the code to look for the targets.xml file?


--enable-targetbased, I thought, was on and built in by default in recent versions.  So I am not sure where the bug lies.  sig 30 for Snort?  Or freebsd for sending a sig 30 on a USR1?  Not sure here.

--
Joel Esler
jesler at ...1935...
http://blog.snort.org && http://blog.clamav.net





More information about the Snort-users mailing list