[Snort-users] new rules, any db changes?

Steve Halligan agent33 at ...187...
Tue Mar 13 13:51:51 EST 2001


> I just downloaded the latest CVS version of snort from sourceforge and was
> looking at the rules.  I noticed that the rules no longer have the IDS number
> as part of the message field.

Yup.

> So I went looking through the spo_database.c
> file to see if there were any comments regarding a change in the db format.  I
> didn't see any that I could identify.

Nope.

> Is the new rules format going to affect
> the current db schema?

Yup.

Please find attached a diff to spo_database.c (created by Brian Caswell)
that concatenates the ref info back into msg so it fits in the current
database schema.
Also find attached a diff to acid (by me) that parses these new messages
(and the old ones for backwards compatibility) so the hyperlinks to
whitehats/CVE still work.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: database.diff
Type: application/octet-stream
Size: 1866 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010313/ea72228b/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch2.dif
Type: application/octet-stream
Size: 1315 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010313/ea72228b/attachment-0001.obj>

