[Snort-users] BASE rule display

John Gay john.gay at ...1935...
Wed Nov 18 10:04:55 EST 2009


Make a subdirectory under base called rules and copy the rule files from
snort to there.  A link will appear with the other references in the
analysis views in base called rules.  This will show you the text of the
rule that triggered the alert.




On Wed, Nov 18, 2009 at 9:47 AM, Joel Esler <jesler at ...1935...> wrote:

> On Tue, Nov 17, 2009 at 9:36 PM, Jefferson, Shawn <
> Shawn.Jefferson at ...14448...> wrote:
>
>> What do you mean exactly?  Base already has two methods of bringing up
>> rule details.  There is a link to the rules .txt file and also you can link
>> to the rule itself (actually you copy the rules into a directory that the
>> base config points to).  This second method seems to do a grep and returns
>> the full rule text when you click on [rule].  Is that what you wanted?
>>
>>
> I think he means, when you bring up an alert, just have the rule text,
> right there for display in the screen.
>
> J
>
>
>
>>
>> ----- Original Message -----
>> From: firewalZ <firewalz at ...11827...>
>> To: Snort-users at lists.sourceforge.net <Snort-users at lists.sourceforge.net>
>> Sent: Mon Nov 16 15:20:00 2009
>> Subject: [Snort-users] BASE rule display
>>
>> I'm a bit new to Snort/Base and I'm wondering if there is a way to get BASE
>> to display the full text of a rule that fires an alert, this would
>> really help the learning process.
>>
>> Thanks
>>
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>> 30-Day
>> trial. Simplify your report design, integration and deployment - and focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
>
> --
> Joel Esler | 302-223-5974 | gtalk: jesler at ...1935...
>
>
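The steps described in this thread, as an added example that is not part of the original messages and not BASE's own code: copy only the `.rules` files into a rules subdirectory, then pull a rule's full text by SID with a grep-style lookup. The function names and directory arguments are assumptions, and the lookup assumes each rule sits on a single line.

```shell
#!/bin/sh
# Added example. Function names and directory arguments are hypothetical;
# pass the real Snort rules directory and the BASE rules subdirectory.

# Copy only *.rules files, so nothing else from the Snort configuration
# directory (for example snort.conf) ends up under the web root.
sync_rules() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    for f in "$src"/*.rules; do
        [ -f "$f" ] || continue
        cp -f "$f" "$dest"/ || return 1
    done
}

# Print "file:line:rule" for every rule whose sid option equals $2 exactly.
# Exit status: 0 = found, 1 = no such SID, 2 = SID is not a plain number.
rule_for_sid() {
    dir=$1
    sid=$2
    # Accept digits only, so the SID cannot alter the regular expression.
    case $sid in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Require an option boundary before "sid:" and a ';' after the number,
    # so sid:1000001 does not also match sid:10000010.
    # /dev/null forces the file name prefix even with a single rules file.
    grep -En "(^|[(;[:space:]])sid:[[:space:]]*${sid}[[:space:]]*;" \
        "$dir"/*.rules /dev/null
}

# Usage (paths are placeholders):
#   sync_rules /path/to/snort/rules /path/to/base/rules
#   rule_for_sid /path/to/base/rules 1000001
```

Rules that are commented out in the rule files are printed too, with their leading `#`, which shows at a glance that the matching rule is currently disabled.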