Snort mailing list archives
Re: Rule update with snortcenter
From: "Larc" <larc () pandora be>
Date: Sat, 9 Nov 2002 12:15:40 +0100
Hi,
When you install a new agent, you have to activate the rules that you want to use for that 'sensor scope' and then push
the configuration to the sensor.
If you get "No update this time" in the management console, that is because there are no changes in the
snortrules-stable rules from the snort website or, if you are behind a proxy server, you didn't enter the right proxy
server in the 'config.php' file.
Regards,
Stefan Dens
----- Original Message -----
From: Atul Shrivastava
To: Jens Krabbenhoeft ; snort-users () lists sourceforge net
Sent: Saturday, November 09, 2002 9:28 AM
Subject: Re: [Snort-users] Rule update with snortcenter
Hi,
When I have done a fresh installation of the snort center agent and then click on UPDATE from the Internet, it
displays "No update this time" while I am updating it for the first time.
Also, when I check the snort configuration file, there is no rule in it.
Can anyone tell me the solution?
Thanks in advance.
Regards,
Atul Shrivastava
Jens Krabbenhoeft <tschenz-snort-users () noris net> wrote:
Michael,
> Why Snortcenter doesn't recognize that there are rules more up to date
> on www.snort.org?
The way snortcenter checks for new signatures is as follows:
* a known signature has a known revision - if that revision increases,
it says "rule has updated"
* if it finds an unknown sid, it says "rule added"
Apparently the snortrules-stable file has no new rules since 2002/10/31:
> grep "\$Id" * | grep "2002/11"
> grep "\$Id" * | grep "2002/10"
policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $
> grep "\$Id" * | grep "2002/09"
attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $
experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $
There are new rules in cvs HEAD, which work with cvs HEAD only. These
are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz
file.
Hth,
jens
