ClearOS release 7.8.1 Snort 2.9.6.2
Can the rules be updated from the community rules - https://www.snort.org/downloads/community/community-rules.tar.gz?
If so, how do I do this?
Responses (9)
Accepted Answer
I downloaded the rules from https://rules.emergingthreats.net/open-nogpl/snort-2.9.0/ and inserted them in snort.conf.
And I get an error:
WARNING: /etc/snort.d/rules/emerging-all.rules(627) threshold (in rule) is deprecated; use detection_filter instead.
FATAL ERROR: /etc/snort.d/rules/emerging-all.rules(42918) Bad rule in rules file: tcp -
Accepted Answer
You'd need to add a line to /etc/snort.conf to reference the new rules. You also need to make sure there are no duplicates with the current rule set. There is a thread in the forums about integrating the Emerging Threats rules. You may want to see how that was scripted if this rule set gets regularly updated.
I am not sure what to do with the sid-msg.map but I don't think it is important.
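Added example, not part of the thread and not ClearOS or Snort project code: one way to run the duplicate check the answer above recommends before referencing a new rules file, by comparing the gid:sid pairs of active rules across files. The file names and rule text are constructed samples.

```python
import re
from collections import defaultdict

# Snort 2.x rule: "<action> <header> ( <options> )"; capture the option body.
RULE_RE = re.compile(
    r"^(?:alert|log|pass|drop|reject|sdrop|activate|dynamic)\s+[^(]*\((.*)\)\s*$", re.S)
# An option starts the body or follows an unescaped ';'.
SID_RE = re.compile(r"(?:^|(?<!\\);)\s*sid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"(?:^|(?<!\\);)\s*gid\s*:\s*(\d+)\s*;")

def iter_rules(text):
    """Yield (first_line_no, rule) for active rules, joining '\\' continuations."""
    buf, start = "", 0
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not buf and (not s or s.startswith("#")):
            continue  # blank line or commented-out (disabled) rule
        start = start if buf else n
        if s.endswith("\\"):
            buf += s[:-1] + " "
            continue
        yield start, buf + s
        buf = ""

def find_duplicates(files):
    """files: {name: rules text}. Return {(gid, sid): [(name, line), ...]} for clashes."""
    seen = defaultdict(list)
    for name, text in files.items():
        for line_no, rule in iter_rules(text):
            m = RULE_RE.match(rule)
            sid = SID_RE.search(m.group(1)) if m else None
            if sid:
                gid = GID_RE.search(m.group(1))
                key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # gid defaults to 1
                seen[key].append((name, line_no))
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample rule text (not real signatures); file names are assumptions.
EXISTING = """
alert tcp any any -> any 80 (msg:"Existing A"; content:"abc"; sid:1000001; rev:1;)
alert tcp any any -> any 443 (msg:"Existing B"; sid:1000002; rev:3;)
"""
NEW = """
# alert tcp any any -> any 80 (msg:"Disabled"; sid:1000001; rev:9;)
alert tcp any any -> any 25 (msg:"New C"; \\
    content:"xyz"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"New D"; sid:1000003; rev:1;)
"""
print(find_duplicates({"existing.rules": EXISTING, "new.rules": NEW}))
```

To check real files, read each rules file into the dictionary under its path; any pair reported has to be resolved before the new file is referenced from snort.conf.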