[Snort-users] BASE Feature Suggestion to Display Rule Source
kjohnson at ...12400...
Fri Sep 16 12:50:23 EDT 2005
On Fri, 2005-09-16 at 09:42 +0100, Alex Butcher, ISC/ISYS wrote:
> --On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash at ...13510....>
> > From the BASE config file, it looks like the <snort> tag is more
> > or less just forwarded to the sourcefire URL with a sid number, and the
> > resultant page is displayed. It strikes me (as a non PHP programmer, no
> > flames please) that it should not be terribly difficult to have BASE
> > instead display a web page with two frames, and put the sourcefire stuff
> > in one, while simultaneously displaying the full text of the referenced
> > rule (pulled from a locally maintained copy of all rules in use) in the
> > other.
> Indeed - I did this for my local copy of ACID about a year ago. I ported my
> patch to BASE a few weeks back. Kevin basically liked it, but wanted to
> tweak it slightly to allow the location of the rules to be modified.
> I guess it might show up in the next release.
> I've attached my patch against 1.1.4, FWIW.
> > John
> Best Regards,
Kevin did like it, along with your other patches.<g> I should be
getting most of them into CVS this weekend and after testing the next
release will include them.
BASE Project Lead
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users