Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Rules Update BROKE

From: CunningPike <cunningpike () gmail com>
Date: Mon, 12 Apr 2010 12:52:17 -0700
On Mon, Apr 12, 2010 at 10:37 AM, Joel Esler <joel.esler () me com> wrote:

Billy,

Detection_filter is a keyword for 2.8.5.

If you are using the up to date Snort rules, you need to use the up to
date version of Snort.

--
Joel Esler
Sent from my iPhone

On Apr 12, 2010, at 12:03 PM, Billy Marshall
<Billy.Marshall () state co us> wrote:


Hi all,
How long will the snort rule updates for 2.8.4.1 going to be broke?
I noticed it mentioned march 16th

ERROR: Warning: /etc/snort/rules/dns.rules(59) => Unknown keyword '
detection_filter' in rule!
I understand there are many more.



In the meantime, you could try this oinkmaster config:

modifysid * "detection_filter:" | "threshold:type both,"

CP

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: