Snort mailing list archives
Threshold-Local None snort-2.7
From: "Jeffrey Denton" <dentonj () gmail com>
Date: Sun, 15 Jul 2007 23:28:06 +0200
I´m having a problem with snort-2.7.0 stable that was released on 12 July. From /var/log/messages: -----[thresholding-local]----- none I´m running the VRT and BleedingThreat rule sets. With snort-2.6.1.5, there were over 500 entries under the ¨thresholding-local¨ section. Is anyone else experiencing the same problem? There appears to be a problem with snort processing the threshold options with the signatures. There is no change in the README.thresholding file between the two versions of snort. When I upgraded, I didn´t change any of the config files. The only problem that snort-2.7.0 complained about was with sid:2001846. In particular, the new version of snort did not like ¨icode: >1<5;¨. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Threshold-Local None snort-2.7 Jeffrey Denton (Jul 15)