[Snort-users] BASE rule display

firewalZ firewalz at ...11827...
Wed Nov 18 10:25:47 EST 2009


Thanks, I'll give that a try, I'm assuming that I will have to write a
script that will update this file when I run oinkmaster. I figured
that there was likely a way to do this manually (there is always a way
with UNIX (FreeBSD Rules):), but I thought it would be nice to have
this feature by default.

Thanks for the replies.



On Wed, Nov 18, 2009 at 10:04 AM, John Gay <john.gay at ...1935...> wrote:
> Make a subdirectory under base called rules and copy the rule files from
> snort to there.  A link will appear with the other references in the
> analysis views in base called rules.  This will show you the text of the
> rule that triggered the alert.
>
>
>
> On Wed, Nov 18, 2009 at 9:47 AM, Joel Esler <jesler at ...1935...> wrote:
>>
>> On Tue, Nov 17, 2009 at 9:36 PM, Jefferson, Shawn
>> <Shawn.Jefferson at ...14448...> wrote:
>>>
>>> What do you mean exactly?  Base already has two methods of bringing up
>>> rule details.  There is a link to the rules .txt file and also you can link
>>> to the rule itself (actually you copy the rules into a directory that the
>>> base config points to).  This second method seems to do a grep and returns
>>> the full rule text when you click on [rule].  Is that what you wanted?
>>>
>>
>> I think he means, when you bring up an alert, just have the rule text,
>> right there for display in the screen.
>> J
>>
>>>
>>> ----- Original Message -----
>>> From: firewalZ <firewalz at ...11827...>
>>> To: Snort-users at lists.sourceforge.net <Snort-users at ...3893...t>
>>> Sent: Mon Nov 16 15:20:00 2009
>>> Subject: [Snort-users] BASE rule display
>>>
>>> I'm a bit new to Snort/Base and I'm wondering if there is a way to get BASE
>>> to display the full text of a rule that fires an alert, this would
>>> really help the learning process.
>>>
>>> Thanks
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>> 30-Day
>>> trial. Simplify your report design, integration and deployment - and
>>> focus on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>
>>
>>
>> --
>> Joel Esler | 302-223-5974 | gtalk: jesler at ...1935...
>>
>
>
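
Added example, not part of the original thread: a sketch of the script mentioned above for keeping BASE's rules subdirectory in step with the Snort rules directory after an oinkmaster run, plus a per-SID lookup for checking the copy. The function names, the script name and the directory arguments are assumptions; BASE and Snort paths differ per install.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are passed in by the caller;
# the BASE and Snort install locations are site-specific assumptions.

# sync_rules SRC DST: mirror SRC/*.rules into DST (BASE's "rules" subdirectory).
# Prints how many files were added, updated or removed.
sync_rules() {
    src=$1; dst=$2; changed=0
    [ -d "$src" ] || { echo "no such rules dir: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    for f in "$src"/*.rules; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! cmp -s "$f" "$dst/$name" 2>/dev/null; then
            # Copy to a temp name and rename, so the web UI never reads a partial file.
            cp "$f" "$dst/.$name.tmp" && chmod 644 "$dst/.$name.tmp" &&
                mv "$dst/.$name.tmp" "$dst/$name" || return 1
            changed=$((changed + 1))
        fi
    done
    # Drop rule files that the update removed upstream.
    for f in "$dst"/*.rules; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -f "$src/$name" ]; then
            rm -f "$f" || return 1
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# rule_for_sid DIR SID: print the full rule text for one signature ID,
# the kind of lookup the thread describes. SID must be numeric.
rule_for_sid() {
    case $2 in ''|*[!0-9]*) echo "bad sid: $2" >&2; return 2 ;; esac
    grep -h -E "sid: ?$2;" "$1"/*.rules
}

# Stand-alone use: sh sync-base-rules.sh SRC DST
if [ $# -eq 2 ]; then
    sync_rules "$1" "$2"
fi
```

Run it as the step after the oinkmaster update, under an account that can write to the BASE directory; the copies are left world-readable (mode 644) so the web server can display them.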



