[Snort-users] Persistent problems with rule updates for Registerd Users

Joel Esler jesler at ...1935...
Fri Jan 4 10:32:51 EST 2013


On Jan 4, 2013, at 12:40 AM, Michael Steele <michaels at ...9077...> wrote:

> Also, when Snort 2.9.4.0 was released there was a new rule set added to the Subscribers group matching the new Snort release, but not to the Registered Users group.

What file was added?  I don't remember adding anything specifically to that version.  I could be wrong here?


> Shouldn’t that same file be added to the Registered Users group, removing the Subscribers set of rules, and replacing those with the most current rules that the Registered Users are entitled to. Seems that downloading Snort 2.9.4.0 should be accompanied by the matching 2.9.4.0 rule set, no matter what group you’re in, and this way both groups are assured to get all the current configurations for the new release, it would also be less confusing for new users trying to figure out which rule set they need.

We stopped distributing the ruleset with the Snort tarball years ago.  Maybe there's some things we can do here in the future to help get you running out of the box.

But we can't help maintain whatever distribution for WinIDS that you are doing for your customers.  We provide the engine and the ruleset for free, we don't charge you a fee for repackaging it and selling it to your customers (if you do sell it), so whatever maintenance you have to do for your end users is on you in that case.

I am more than willing to hear any new ideas regarding the situation.  But let's be constructive and not destructive.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130104/34006e74/attachment.html>


More information about the Snort-users mailing list