[Snort-devel] rules2sql.pl and sql2rules.pl
cmg at ...81...
Mon Jan 29 00:30:43 EST 2001
Well, despite my better judgement, I wrote a schema for postgresql
( helped along by reading a db book while in the ER ) and a couple
shoddy perl scripts to support it.
rules2sql supports most things except the reference plugin ( I added
prelim schema support ) and custom rule types. The custom rule types
shouldn't be too hard to add but it wasn't needed for proof of
There are bound to be TONS of bugs as I've only done a little bit of
testing and little to no proper breakdown of the problem. Dynamic /
Activate hasn't been tested but there's scripted support.
I would like to use something like this to manage multiple sensors for
rules - that's what the sid scattered all over the place is for.. I've
planned to have this coexist with Jed's logging schema.
It at least worked with the standard ruleset shipped w/ snort..
sql2rules does the reverse
only works with postgresql
rules2sql -f snort.conf
sql2rules -f sql-cooked.conf
Let me know what you all think.
Chris Green <cmg at ...81...>
Joe Cool always spends the first two weeks at college sailing his frisbee.