[Snort-users] new rules, any db changes?

Kevin.Brown at ...1022...
Tue Mar 13 16:47:44 EST 2001


Thanks.  Any idea on when the new db schema will be implemented?  I'm looking
at the new rules now and I noticed that the reference isn't always a
number.  I wonder how that would work for searching.

> > I just downloaded the latest CVS version of snort from sourceforge and was
> > looking at the rules.  I noticed that the rules no longer have the IDS number
> > as part of the message field.
> 
> Yup.
> 
> > So I went looking through the spo_database.c file to see if there were any
> > comments regarding a change in the db format.  I didn't see any that I could
> > identify.
> 
> Nope.
> 
> > Is the new rules format going to affect the current db schema?
> 
> Yup.
> 
> Please find attached a diff to spo_database.c (created by Brian Caswell)
> that concatenates the ref info back into msg so it fits in the current
> database schema.
> Also find attached a diff to acid (by me) that parses these new messages
> (and the old ones for backwards compatibility) so the hyperlinks to
> whitehats/CVE still work.