[Snort-users] NEW db & ACID

Karl Lovink karl at ...501...
Fri Mar 23 14:36:38 EST 2001


Roman,

Is there a requested feature list for ACID? If not, would it be possible
to implement a top 10 or 50 list for the most frequent IP addresses (from or to)
in ACID?
It would be easier to detect, for instance, scans on your systems.

Cheers,
Karl




-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On behalf of roman at ...438...
Sent: Friday, 23 March 2001 14:42
To: Kevin.Brown at ...1022...
CC: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] NEW db & ACID


With the help of Cornett Wood (cornett at ...1649...) ACID
now supports the Snort rule reference tags.  Download
version 0.9.6b6 from acidlab.sourceforge.net.

Signatures are now always printed as follows:

[reference1] ... [reference-n] <Signature Name>

Where [reference-x] is hyperlinked text like "bugtraq", "cve", etc.
pointing to the appropriate link on the site.

Thanks to all those who submitted workaround patches!  What
still remains is a better system to include custom references in
ACID (i.e. how to store the reference URL), and fixing any
signature sorting which broke under this scheme.

Note: the ACID CVS appears to be in an inconsistent state.
I will work on this.

Roman

> To my knowledge there is no version of ACID for the new schema as yet.
>
> > Sorry if I have not been paying attention lately.  Upgraded to the
> > latest CVS this morning, reloaded the database stuff.  Now what do I
> > have to do to ACID to make it work with the new db??
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>


