[Snort-users] New snort rule lookup

Brian bmc at ...950...
Mon Mar 28 13:49:20 EST 2005


On Mon, Mar 28, 2005 at 03:44:45PM -0600, Frank Knobbe wrote:
> That said, "grep 'sid:1234567' *.rules" works just as well. Just take a
> look at the Snort rule themselves.

You should add a semicolon in there to get the *exact* rule you are
looking for:

    grep 'sid:123;' *.rules

Brian




More information about the Snort-users mailing list