[Snort-users] BASE Feature Suggestion to Display Rule Source

Kevin Johnson kjohnson at ...12400...
Fri Sep 16 12:50:23 EDT 2005


On Fri, 2005-09-16 at 09:42 +0100, Alex Butcher, ISC/ISYS wrote:
> 
> --On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash at ...13510....> 
> wrote:
> 
> > 	From the BASE config file, it looks like the <snort> tag is more
> > or less just forwarded to the sourcefire URL with a sid number, and the
> > resultant page is displayed. It strikes me (as a non PHP programmer, no
> > flames please) that it should not be terribly difficult to have BASE
> > instead display a web page with two frames, and put the sourcefire stuff
> > in one, while simultaneously displaying the full text of the referenced
> > rule (pulled from a locally maintained copy of all rules in use) in the
> > other.
> 
> Indeed - I did this for my local copy of ACID about a year ago. I ported my 
> patch to BASE a few weeks back. Kevin basically liked it, but wanted to 
> tweak it slightly to allow the location of the rules to be modified.
> 
> I guess it might show up in the next release.
> 
> I've attached my patch against 1.1.4, FWIW.
> 
> > 		John
> 
> Best Regards,
> Alex.

Hi-

Kevin did like it, along with your other patches.<g>  I should be
getting most of them into CVS this weekend and after testing the next
release will include them.

Kevin

---------------------
BASE Project Lead
http://sourceforge.net/projects/secureideas
http://base.secureideas.net
The next step in IDS analysis!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050916/5c11b1ab/attachment.sig>


More information about the Snort-users mailing list