[Snort-users] Rule Management Tool
roman at ...438...
Thu May 10 09:44:45 EDT 2001
> Could be an extension to acid... Yes I know, it's just analysis. But it
> could be a cool feature.
Indeed a nice management tool, but as you said not quite analysis.
I have no issues with including such functionality (and
integrating the actual rules would be nice), but other features
are currently taking priority for now.
> Another thing that could be interesting is to have a parser to include
> checkpoint FW1 & pix logs to snort-acid-db...
There is definitely some prior art here. Look at logsnorter
(in the Snort downloads section) by Jason Haar:
This perl script scans syslog messages (typically in real-time),
picks up any "reject packet" messages generated by Ciscos or
Linux ipfw/ipchains and logs them into your central Snort SQL
database. This allows you to "expand" the reach of snort
without having to put snort out into weird areas - like
in front of your perimeter router/firewall...
> On Thu, 10 May 2001, Cedric Guillotin wrote:
> > Since I found ACID very interesting to manage logs, I was wondering if I
> > could find a tool to manage rules to get a complete control over snort.
> > I'm looking for a tool with the following functionalities:
> > - manage rule (store rules in db, sort rules, add, remove update)
> > - manage ruleset for each sensor (select active rules, deploy ruleset)
> > I've seen some scripts, but a frontend could be useful.
> Alexandre J.D. Dulaunoy | "Engineering is the implementation of science;
> AD993-RIPE | Politics is the implementation of faith".
> http://www.foo.be/ | Another usenet quote...
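The kind of syslog filtering the logsnorter description above refers to, shown as an added example that is not part of the original message and is not logsnorter's code. It parses Cisco ACL and Linux ipchains reject lines into one normalized event record; the function names, the event layout and the sample lines are assumptions constructed for illustration, and writing the events to the Snort database is left out.

```python
import ipaddress
import re

# Cisco IOS extended-ACL log (TCP/UDP form) and Linux ipchains "Packet log" line.
CISCO = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<rule>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")
IPCHAINS = re.compile(
    r"Packet log: (?P<rule>\S+) (?:DENY|REJECT) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")
PROTO_NUM = {"tcp": 6, "udp": 17}  # IANA protocol numbers

def parse_reject(line):
    """Return a normalized event dict for a firewall reject line, else None."""
    for source, pattern in (("cisco-acl", CISCO), ("ipchains", IPCHAINS)):
        m = pattern.search(line)
        if m:
            break
    else:
        return None  # not a reject message from either device type
    try:
        # Syslog is easy to spoof or truncate: validate every field before storing it.
        src, dst = (str(ipaddress.IPv4Address(m[k])) for k in ("src", "dst"))
        sport, dport = int(m["sport"]), int(m["dport"])
    except ValueError:
        return None
    if max(sport, dport) > 65535:
        return None
    proto = PROTO_NUM.get(m["proto"]) or int(m["proto"])
    # "rule" is the ACL number (Cisco) or the chain name (ipchains).
    return {"source": source, "rule": m["rule"], "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def collect(lines):
    """Keep only the lines that parse as valid reject events."""
    return [e for e in map(parse_reject, lines) if e is not None]

# Constructed sample syslog lines (documentation address ranges).
SAMPLE = [
    "May 10 09:40:01 gw1 82: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.5(1025) -> 198.51.100.10(80), 1 packet",
    "May 10 09:40:02 fw2 kernel: Packet log: input DENY eth0 PROTO=17 "
    "192.0.2.6:53 198.51.100.20:53 L=60 S=0x00 I=4321 F=0x0000 T=64 (#3)",
    "May 10 09:40:03 fw2 sshd[412]: Accepted password for admin",
    "May 10 09:40:04 gw1 83: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "192.0.2.999(1025) -> 198.51.100.10(80), 1 packet",  # malformed source
]

if __name__ == "__main__":
    for event in collect(SAMPLE):
        print(event)
```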