[Snort-users] (no subject)
jforster at ...176...
Fri Sep 15 11:09:31 EDT 2000
There's really no 'set format' to the rules. I try to put an IDS# in front
(if available) to match up to Max Vision's database - makes it much easier
for many of the log parsers too.
If there was any other associated info (that I could find at the time) I
list that as well. I suppose I could finally decide on one format and
stick to it, but thus far, it's been on a single-rule basis. :)
RapidNet / DakotaConnect
----- Original Message -----
From: "Joseph Nicholas Yarbrough" <nyarbrough at ...262...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, September 15, 2000 4:53 AM
Subject: [Snort-users] (no subject)
> Hello all,
> I was wondering if there is a standard for the message field of a snort
> signature. I noticed many signature messages that start with "IDS"
> 3 digits and then either " - " or "/". Then again many of the signatures
> IDS??? header at all. Figured someone might be able to help me out.
> Joseph Nicholas Yarbrough
> Network Security Analyst
> LURHQ Corporation
> 843-347-1075 ext. 312
> nyarbrough at ...262...
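The convention discussed in this thread (an "IDS" number at the front of the msg field, followed by " - " or "/") is what lets a log parser key a rule or alert back to a signature database. The sketch below is an added example, not code from either poster or from Snort; the function names are hypothetical and the sample rules, IDS numbers and message texts are constructed.

```python
import re

# Constructed sample rules; the IDS numbers and message texts are made up.
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"IDS123 - WEB example probe"; content:"/example.cgi";)
alert udp any any -> any 53 (msg:"IDS456/dns-example-query"; content:"example";)
alert tcp any any -> any 21 (msg:"FTP example \"quoted\" attempt"; content:"EXAMPLE";)
# alert tcp any any -> any 23 (msg:"IDS789 - commented out"; content:"x";)
'''

# msg option: a quoted string that may contain backslash-escaped characters.
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
# "IDS" + digits, then "-" or "/" with optional spaces around it.
# The thread mentions 3 digits; \d+ is used here to be tolerant (assumption).
IDS_RE = re.compile(r'^IDS(\d+)\s*[-/]\s*(.*)$')


def parse_msg(rule):
    """Return (ids_number or None, description), or None if the rule has no msg."""
    m = MSG_RE.search(rule)
    if not m:
        return None
    msg = re.sub(r'\\(.)', r'\1', m.group(1))  # undo \" and \\ escapes
    hit = IDS_RE.match(msg)
    if hit:
        return int(hit.group(1)), hit.group(2)
    return None, msg  # rule written without an IDS header


def index_rules(text):
    """Map each active rule's IDS number (None if absent) to its descriptions."""
    index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):  # skip blanks and disabled rules
            continue
        parsed = parse_msg(line)
        if parsed:
            index.setdefault(parsed[0], []).append(parsed[1])
    return index


if __name__ == "__main__":
    for ids, descs in index_rules(SAMPLE_RULES).items():
        print(ids, descs)
```

Rules collected under the `None` key are the ones that cannot be matched to a database entry by number and need manual mapping.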