[Snort-users] (no subject)

Jim Forster jforster at ...176...
Fri Sep 15 11:09:31 EDT 2000


Nick,
There's really no 'set format' to the rules.  I try to put an IDS# in front
(if available) to match up to Max Vision's database -  makes it much easier
for many of the log parsers too.
If there was any other associated info (that I could find at the time) I
list that as well.   I suppose I could finally decide on one format and
stick to it, but thus far, it's been on a single-rule basis.  :)

Jim Forster
Network Administrator
RapidNet / DakotaConnect

----- Original Message -----
From: "Joseph Nicholas Yarbrough" <nyarbrough at ...262...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, September 15, 2000 4:53 AM
Subject: [Snort-users] (no subject)


> Hello all,
> I was wondering if there is a standard for the message field of a snort
> signature.  I noticed many signature messages that start with "IDS" followed by
> 3 digits and then either " - " or "/". Then again many of the signatures had no
> IDS??? header at all. Figured someone might be able to help me out.
>
> Thanks,
> Nick
>
> --
>
> Joseph Nicholas Yarbrough
> Network Security Analyst
> LURHQ Corporation
> ==========================>
> 843-347-1075 ext. 312
> nyarbrough at ...262...
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
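
An added illustration, not part of either poster's message and not Snort project code: a small Python parser that pulls the msg field out of a rule and splits off an IDS prefix in either separator style mentioned in the question (" - " or "/"), so a rules file can be audited for which signatures carry the prefix. The sample rules, their IDS numbers and the function names are constructed for this example; accepting any digit count rather than exactly three is an assumption.

```python
import re

# msg option inside the rule's parenthesised option list.
MSG_RE = re.compile(r'\bmsg\s*:\s*"([^"]*)"\s*;')
# "IDS" + digits, then " - " or "/" as the separator (assumption: any digit count).
IDS_RE = re.compile(r'^IDS(\d+)\s*(?:-|/)\s*(.*)$')


def parse_msg(rule):
    """Return (ids_number_or_None, description) for one rule, or None if no msg."""
    m = MSG_RE.search(rule)
    if m is None:
        return None
    msg = m.group(1).strip()
    p = IDS_RE.match(msg)
    if p:
        return int(p.group(1)), p.group(2).strip()
    return None, msg


def audit(rules):
    """Split rules into those with an IDS prefix and those without."""
    tagged, untagged = {}, []
    for line in rules:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parsed = parse_msg(line)
        if parsed is None:
            continue  # rule has no msg option
        ids, text = parsed
        if ids is None:
            untagged.append(text)
        else:
            tagged[ids] = text
    return tagged, untagged


# Constructed sample rules; the IDS numbers are placeholders, not real database entries.
SAMPLE_RULES = [
    '# constructed examples',
    'alert tcp any any -> any 80 (msg:"IDS901 - Constructed web probe"; content:"/x";)',
    'alert udp any any -> any 53 (msg:"IDS902/constructed-dns-probe"; content:"y";)',
    'alert icmp any any -> any any (msg:"Constructed ping, no prefix"; itype:8;)',
]

if __name__ == "__main__":
    tagged, untagged = audit(SAMPLE_RULES)
    for ids, text in sorted(tagged.items()):
        print(f"IDS{ids}: {text}")
    print("no IDS prefix:", untagged)
```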
