[Snort-users] BASE rule display

Joel Esler jesler at ...1935...
Wed Nov 18 09:47:05 EST 2009


On Tue, Nov 17, 2009 at 9:36 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

> What do you mean exactly?  Base already has two methods of bringing up rule
> details.  There is a link to the rules .txt file and also you can link to
> the rule itself (actually you copy the rules into a directory that the base
> config points to).  This second method seems to do a grep and returns the
> full rule text when you click on [rule].  Is that what you wanted?
>
>
I think he means, when you bring up an alert, just have the rule text, right
there for display in the screen.

J



>
> ----- Original Message -----
> From: firewalZ <firewalz at ...11827...>
> To: Snort-users at lists.sourceforge.net <Snort-users at lists.sourceforge.net>
> Sent: Mon Nov 16 15:20:00 2009
> Subject: [Snort-users] BASE rule display
>
> Im a bit new to Snort/Base and Im wondering if there a way to get BASE
> to display the full text of a rule that fires an alert, this would
> really help the learning process.
>
> Thanks
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler | 302-223-5974 | gtalk: jesler at ...1935...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091118/8c0f6cee/attachment.html>


More information about the Snort-users mailing list