[Snort-users] BASE Feature Suggestion to Display Rule Source

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Fri Sep 16 01:43:34 EDT 2005



--On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash at ...10979...> 
wrote:

> 	From the BASE config file, it looks like the <snort> tag is more
> or less just forwarded to the sourcefire URL with a sid number, and the
> resultant page is displayed. It strikes me (as a non PHP programmer, no
> flames please) that it should not be terribly difficult to have BASE
> instead display a web page with two frames, and put the sourcefire stuff
> in one, while simultaneously displaying the full text of the referenced
> rule (pulled from a locally maintained copy of all rules in use) in the
> other.

Indeed - I did this for my local copy of ACID about a year ago. I ported my 
patch to BASE a few weeks back. Kevin basically liked it, but wanted to 
tweak it slightly to allow the location of the rules to be modified.

I guess it might show up in the next release.

I've attached my patch against 1.1.4, FWIW.

> 		John

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

-------------- next part --------------
A non-text attachment was scrubbed...
Name: base-1.1.4-showsig.diff
Type: application/octet-stream
Size: 3077 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050916/f02298bc/attachment.obj>


More information about the Snort-users mailing list