[Snort-users] Snort rule lookup from ACID
jeff-kell at ...6282...
Wed Mar 16 07:17:58 EST 2005
Duran, Randy wrote:
> I have not seen an answer to this question so I'll post the solution
> which I found on the support forum on snort.org for the benefit of those
> who haven't looked there yet.
> In acid_conf.php change the line that reads:
> "snort" => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
> change it to:
> "snort" => array("http://www.snort.org/pub-bin/sigs.cgi?sid=", ""),
On a more general note, does it bother anyone else that the "new" snort
rule documentation no longer shows the signature?
Often when I get questionable alerts, I want to see what made the rule
fire. Surely there has to be a better alternative than grepping the
rules file on the sensor. Can't you allow something like the 'oink
code' logic to let the new HTML page render the rule itself?
Jeff (who got his oink code to work to get rules, now wishing I could
properly display the docs as before)
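A stand-alone SID lookup for the "grepping the rules file on the sensor" step mentioned above, as an added example that is not part of the original post or of Snort/ACID. It matches the sid exactly (a plain grep for `sid:100001` also hits `sid:1000010`), joins backslash-continued rules, and reports whether the rule is commented out; the sample rules and the names `find_rule` and `logical_lines` are constructed for illustration.

```python
import re

# Constructed sample rules-file content for the demo (not real Snort rules).
SAMPLE_RULES = r'''
# disabled by default
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE disabled rule"; content:"foo"; sid:1000012; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXAMPLE ftp probe"; \
    content:"SITE EXEC"; nocase; sid:100001; rev:3;)
alert udp any any -> $HOME_NET 53 (msg:"EXAMPLE dns thing"; content:"|00 01|"; sid:1000010; rev:1;)
'''

# The sid option must start an option slot: right after "(" or a ";".
SID_RE = re.compile(r'[(;]\s*sid\s*:\s*(\d+)\s*;')
ACTION_RE = re.compile(r'(alert|log|pass|drop|reject|sdrop|activate|dynamic)\s')

def logical_lines(text):
    """Join backslash-continued lines so a multi-line rule is one string."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if buf:
            # Continuation of a commented-out rule may repeat the '#'.
            line = line.lstrip("#").strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def find_rule(text, sid):
    """Return (rule_text, enabled) for an exact sid match, or None."""
    for line in logical_lines(text):
        enabled = not line.startswith("#")
        body = line.lstrip("#").strip()
        if not ACTION_RE.match(body):
            continue  # plain comment or blank line, not a rule
        m = SID_RE.search(body)
        if m and int(m.group(1)) == sid:
            return body, enabled
    return None

if __name__ == "__main__":
    print(find_rule(SAMPLE_RULES, 100001))
```

To use it against a sensor's rules, read each rules file into a string and pass it to `find_rule` with the SID from the alert.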