[Snort-sigs] Rule format anomaly for sid 1024 & 1809

Brian bmc at ...95...
Sat Apr 3 12:13:05 EST 2004


On Sat, Apr 03, 2004 at 08:46:41PM +0200, Sean Wheeler wrote:
> All you regex gurus see below ...got a solution to having the below and
> resolving the above ?

<quote>
Some people, when confronted with a problem, think ``I know, I'll use
regular expressions.'' Now they have two problems.
</quote>

<quote>
Blessed are they that use CPAN, for exceedingly large shall be the
number of wheels that they do not re-invent.
</quote>

If you are trying to parse the rules, try not to re-invent the wheel.
Grab Net::Snort::Parser from http://www.shmoo.com/~bmc/software/snortconfig/

(Its going to be in CPAN shortly :P)

Brian




More information about the Snort-sigs mailing list