[Snort-users] How Can I display the rule name instead of the ID with ACID?

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at ...131...
Mon May 12 15:31:22 EDT 2008


Yep, for a first step it will be great if you can just use BASE instead.
Just hit the following link to download the latest version of BASE:
http://optusnet.dl.sourceforge.net/sourceforge/secureideas/base-1.4.0.tar.gz

There are two columns named "signature" and "sig_name" in the "acid_event"
table that contain the same value, the signature ID (sig_id).

In this case, what Berta really wants is how to display the signature
description in the "sig_name" field (not the signature ID), CMIIW.

Regards,
Matt




--- Joel Esler <joel.esler at ...3027...> wrote:

> First, you should switch to BASE http://base.secureideas.net.  ACID
> has been dead for at least 5 years.
> 
> Second, do you mean that in the signature name field you have a
> number, and not the name of the alert?  Or are you saying that you
> want the description of the rule displayed somewhere?
> 
> Please clarify your statement so that we can make a more helpful
> suggestion.
> 
> Joel
> 
> On May 12, 2008, at 5:04 AM, Berta Alcala wrote:
> 
> > I use snort+acid+mysql. When I display the alerts there is a
> > "Signature" column that is the signature ID.
> > I need the "sig_name" field (which is the rule's description)
> > instead of the sig_id. The problem is in the "acid_event" table,
> > here there are "signature" and "sig_name", both with the same value,
> > the ID.
> > What can I do to get the description? There are a lot of files and I
> > don't know which one I have to modify.
> 
> 
> --
> Joel Esler
>   joel.esler at ...3027...
>   http://blog.joelesler.net
> [m]