| Main Archive Page > Month Archives > snort-sigs archives |
Re: [Snort-sigs] Rule Migration Cheat Sheet?
From: Joel Esler <jesler_at_nospam>Date: Wed Dec 22 2010 - 20:45:10 GMT
To: "Crook, Parker" <Parker_Crook@reyrey.com>
Maybe a "contest" to see who gets the conversion guide to me in the most accurate and complete format first?
;)
J
On Dec 22, 2010, at 12:12 PM, Crook, Parker wrote:
>> There are several new keywords (file_data, byte_extract, http_*) We don't
>> have a specific conversion cheat sheet, as the old rule options still work
>> fine, the new rule options just allow for clarification of functionality and
>> a more specific and efficient rule writing process.
>>
>> That being said, I know a lot of you want to get your rules updated to Snort
>> 2.9 format, I am just swamped, and I know I won't get to it until late
>> January. If anyone from the community wants to write a cheat sheet document,
>> we'll review it, I'll put it on the blog, snort.org, and I'll give you a free
>> VRT rule subscription for a year.
>>
>> Takers?
>
> I've had 2.9 setup in the lab for a while and haven't made the push in production yet for this very reason. I suppose I can take the plunge and start working on it and I will document my findings. I'll get started on this but I'm not sure how long it will take.
>
> -Parker
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs