[Snort-devel] rules2sql.pl and sql2rules.pl

Chris Green cmg at ...81...
Mon Jan 29 00:30:43 EST 2001


Well, despite my better judgement, I wrote a schema for postgresql
( helped along by reading a db book while in the ER ) and a couple
shoddy perl scripts to support it.

rules2sql supports most things except the reference plugin (I added
prelim schema support) and custom rule types.  The custom rule types
shouldn't be too hard to add but it wasn't needed for proof of
concept.

There are bound to be TONS of bugs as I've only done a little bit of
testing and little to no proper breakdown of the problem.  Dynamic /
Activate hasn't been tested but there's scripted support.

I would like to use something like this to manage multiple sensors for
rules - that's what the sid scattered all over the place is for. I've
planned to have this coexist with Jed's logging schema.

It at least worked with the standard ruleset shipped w/ snort.

sql2rules does the reverse.

only works with postgresql
basic howto:

createdb snortrules
rules2sql -f snort.conf
sql2rules -f sql-cooked.conf

ftp://helium.tucc.uab.edu/pub/snortrules-sql

Let me know what you all think.

Cheers,
Chris
-- 
Chris Green <cmg at ...81...>
Joe Cool always spends the first two weeks at college sailing his frisbee.
                -- Snoopy
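As an added illustration of the rule-to-SQL round trip the post describes (this is not Chris's Perl code, and it uses an in-memory SQLite table instead of his PostgreSQL schema), the following parses a constructed Snort rule into header fields plus an ordered option list keyed by sid, stores it, and regenerates the original rule text. The table layout and the sample rule are assumptions for the example.

```python
import re
import sqlite3

# Constructed sample rule (not from the original post).
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
               '(msg:"WEB-MISC example request"; content:"/example"; '
               'nocase; sid:1000001; rev:1;)')

# Assumed minimal schema: one row per rule header, one row per option,
# both keyed by sid so the same rule can be tracked across sensors.
SCHEMA = '''
CREATE TABLE rule (sid INTEGER PRIMARY KEY, action TEXT, proto TEXT, src TEXT,
                   sport TEXT, dir TEXT, dst TEXT, dport TEXT);
CREATE TABLE rule_option (sid INTEGER REFERENCES rule(sid), seq INTEGER,
                          name TEXT, value TEXT, PRIMARY KEY (sid, seq));
'''

HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$')
# Options are ';'-terminated name[:value] pairs; values may be quoted.
OPTION_RE = re.compile(r'([a-z_]+)(?::((?:"[^"]*"|[^;])*))?;')

def parse_rule(line):
    """Split a rule into its header fields and an ordered option list."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError('not a rule: %r' % line)
    fields = m.groupdict()
    fields['options'] = [(n, v or None)
                         for n, v in OPTION_RE.findall(fields.pop('opts'))]
    return fields

def rule_to_sql(conn, rule):
    """Insert one parsed rule; the sid option is the primary key."""
    sid = int(dict(rule['options'])['sid'])
    conn.execute('INSERT INTO rule VALUES (?,?,?,?,?,?,?,?)',
                 (sid, rule['action'], rule['proto'], rule['src'],
                  rule['sport'], rule['dir'], rule['dst'], rule['dport']))
    conn.executemany('INSERT INTO rule_option VALUES (?,?,?,?)',
                     [(sid, i, n, v) for i, (n, v) in enumerate(rule['options'])])
    return sid

def sql_to_rule(conn, sid):
    """Rebuild the rule text for a sid, preserving option order."""
    hdr = conn.execute('SELECT action, proto, src, sport, dir, dst, dport '
                       'FROM rule WHERE sid=?', (sid,)).fetchone()
    opts = conn.execute('SELECT name, value FROM rule_option WHERE sid=? '
                        'ORDER BY seq', (sid,)).fetchall()
    body = ' '.join('%s;' % n if v is None else '%s:%s;' % (n, v) for n, v in opts)
    return '%s %s %s %s %s %s %s (%s)' % (hdr + (body,))

def round_trip(line):
    """rules2sql followed by sql2rules on a fresh in-memory database."""
    conn = sqlite3.connect(':memory:')
    conn.executescript(SCHEMA)
    return sql_to_rule(conn, rule_to_sql(conn, parse_rule(line)))
```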



