Converting from 1.8.6 to 1.9 - Flow statements vs. Flags

["Pacheco, Michael F." <MPacheco () elcom com>]

Hi All,

Upgraded successfully to 1.9 from 1.8.6 and have been running pretty
smoothly for a few weeks, running side - by side and I'm getting ready to
cut over the 1.9 instance to production.  Now I have to start converting
some of my custom signatures to 1.9 format.  Is there any hard and fast
rules in converting a rule that has a "flags:A+;" statement to a
"flow:to_server,established;" statement ?  I've been reading the docs and
there does not seem to be, but any comments from individuals who have
converted would be welcomed - any little things to watch for? problems,
issues?

Thanks

Mike


-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache 
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users