Snort mailing list archives
Re: Rule update with snortcenter
From: Michael <snorter () gmx net>
Date: Mon, 11 Nov 2002 14:57:44 +0100 (MET)
Hi Jens, thank you for your answer! But I'm still wondering why date and time of the rules file on www.snort.org changes every day if there's no updated rule. Regards Michael
Michael,Why Snortcenter doesn't recognize that there are rules more up to date on www.snort.org?The way snortcenter checks for new signatures is as follows: * a known signature has a known revision - if that revision increases, it says "rule has updated" * if it finds an unknown sid, it says "rule added" Apparently the snortrules-stable file has no new rules since 2002/10/31:grep "\$Id" * | grep "2002/11" grep "\$Id" * | grep "2002/10"policy.rules:# $Id: policy.rules,v 1.25.2.1 2002/10/18 15:24:20 andrewbaker Exp $grep "\$Id" * | grep "2002/09"attack-responses.rules:# $Id: attack-responses.rules,v 1.16 2002/09/18 12:52:31 cazz Exp $ experimental.rules:# $Id: experimental.rules,v 1.64 2002/09/17 18:38:10 roesch Exp $ There are new rules in cvs HEAD, which work with cvs HEAD only. These are also in the http://www.snort.org/dl/rules/snortrules-current.tar.gz file. Hth, jens ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ACID v0.9.6b22 - Display alerts snorter (Nov 08)
- Portscan2 and ACID snorter (Nov 08)
- Rule update with snortcenter snorter (Nov 08)
- Re: Rule update with snortcenter Jens Krabbenhoeft (Nov 08)
- Re: Rule update with snortcenter Atul Shrivastava (Nov 09)
- More than one sensor can be managed ..?????? Atul Shrivastava (Nov 09)
- Re: Rule update with snortcenter Larc (Nov 09)
- Re: Rule update with snortcenter Atul Shrivastava (Nov 09)
- Rule update with snortcenter snorter (Nov 08)
- Re: Rule update with snortcenter Michael (Nov 11)
- Portscan2 and ACID snorter (Nov 08)