Snort mailing list archives
Re: (no subject)
From: Alan Ptak <alan.ptak () gmail com>
Date: Wed, 2 Mar 2011 21:06:27 -0800
The rule parsing in Snort was improved a few months back to make Snort users and rule-writers aware of deprecated options like "threshold." The preferred way to get that functionality is the "detection_filter" option. This is just a warning, the rule will work as expected. The fix is to updated the rule to use detection_filter instead of threshold. On Mar 2, 2011, at 7:52 PM, sasa susmanto wrote:
I have run snort options below : snort -i3 -s -l c:\snort\log -c c:\snort\etc\snort.conf -T I see warning on the screen : WARNING C:\Snort\rules/backdoor.rules<607> threshold <in rule> is deprecated;use detection_filter instead what does it mean ? how can i fixed it thank's for your help sasa------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Alan Ptak V: 310.488.8606 E: alan.ptak () gmail com ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: (no subject), (continued)
- Re: (no subject) Alan Ptak (Mar 02)
- Re: (no subject) waldo kitty (Mar 02)
- Re: (no subject) Jason Wallace (Mar 03)
- Re: (no subject) Jefferson, Shawn (Mar 03)
- Re: (no subject) JJC (Mar 03)
- Re: (no subject) Jefferson, Shawn (Mar 03)
- Re: (no subject) Dave Venman (Mar 03)
- Re: (no subject) Joel Esler (Mar 04)
- Re: (no subject) Alan Ptak (Mar 02)
- Re: (no subject) Alan Ptak (Mar 02)