Snort mailing list archives
Converting from 1.8.6 to 1.9 - Flow statements vs. Flags
From: "Pacheco, Michael F." <MPacheco () elcom com>
Date: Thu, 16 Jan 2003 09:36:41 -0500
Hi All, Upgraded successfully to 1.9 from 1.8.6 and have been running pretty smoothly for a few weeks, running side - by side and I'm getting ready to cut over the 1.9 instance to production. Now I have to start converting some of my custom signatures to 1.9 format. Is there any hard and fast rules in converting a rule that has a "flags:A+;" statement to a "flow:to_server,established;" statement ? I've been reading the docs and there does not seem to be, but any comments from individuals who have converted would be welcomed - any little things to watch for? problems, issues? Thanks Mike ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Converting from 1.8.6 to 1.9 - Flow statements vs. Flags Pacheco, Michael F. (Jan 16)