[Snort-users] Linking rules in BASE

JJC cummingsj at ...11827...
Tue Aug 24 11:59:30 EDT 2010


Looks like I'll have to setup BASE to see exactly what you are talking about
here... I suspect it's the rules .txt files that contain the rule
documentation that BASE is looking for, but I'm not exactly sure since I
don't use BASE.. do you have a screenshot/pastebin or something that I can
have a quick look at..

On Tue, Aug 24, 2010 at 9:47 AM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

> Hi,
>
> I am copying the snort.rules and emerging.rules files, yes.  Is the rule
> sid that you are trying to lookup even in that directory?  Also, check the
> permissions/ownership on the file, that may also be an issue (I think I had
> that issue when I first set this up.)
>
>
>
> -----Original Message-----
> From: Kun, Mike [mailto:mkun at ...6382...]
> Sent: Tuesday, August 24, 2010 8:43 AM
> To: Jefferson, Shawn; snort-users at lists.sourceforge.net
> Subject: RE: Linking rules in BASE
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Are you copying the snort.rules file?
> I tried that on my install, but I'm still getting the same errer. It looks
> to me like BASE can't query the snort.rules file correctly
>
> - -Mike
>
>
> > -----Original Message-----
> > From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...]
> > Sent: Tuesday, August 24, 2010 11:39 AM
> > To: Kun, Mike; snort-users at lists.sourceforge.net
> > Subject: RE: Linking rules in BASE
> >
> > Hi,
> >
> > I have a cron job that copies the text rule files from the location
> > pulledpork puts them into the base www directory.  Seems to work for
> > me.
> >
> > -----Original Message-----
> > From: Kun, Mike [mailto:mkun at ...6382...]
> > Sent: Tuesday, August 24, 2010 8:13 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Linking rules in BASE
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Is there a way to get the "rule" links working when using pulledpork
> > to pull in a snort.rules file?
> > When I symlink BASE to the file I get " ERROR: Could not find
> > "sig:XXXXX;" in directory "rules/"."
> > In that directory is the snort.rules file the pulledpork created.
> > Any advice?
> >
> > - -Mike
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (MingW32)
> > Comment: Using GnuPG with OutlookGnuPG v1.2.3667
> >
> > iQEcBAEBAgAGBQJMc+FuAAoJEMhWEt1OJPG/OBAIAKaIHlg4t9rp66DQ/3bz5Wz9
> > tAmdHku8qcRFNkzUPGHs8xBZRpHYdsMM8Rlo6byjJjQXQEMN8URroGRKjaatRoF3
> > wSIfmWSJfCgSH9bap53qRGJmXmKjNX1Qm3EPiL5ixrEjiFcucdJ3FcD5HU0EZcOB
> > vxjWUDxBtqCyLMXGy2v2rH3WYqX5E6ktCyZvC8tj8vDrWLjxO4hBmsOm7SPbdKxr
> > hUql6VyMC8uRQ468N4Ji0HMBq0njHK8Z540wkGyjMN+HuBvK7Jh0te+YbtCVepPS
> > Hd4thQXKSfD72tsUL7UJ9RIBSARpu2BOxRE/ca8TiLgGMslslqCaruKDVv7yyOc=
> > =NBBe
> > -----END PGP SIGNATURE-----
> >
> > ----------------------------------------------------------------------
> > -
> > -------
> > Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> > Be part of this innovative community and reach millions of netbook
> > users worldwide. Take advantage of special opportunities to increase
> > revenue and speed time-to-market. Join now, and jumpstart your future.
> > http://p.sf.net/sfu/intel-atom-d2d
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with OutlookGnuPG v1.2.3667
>
> iQEcBAEBAgAGBQJMc+iUAAoJEMhWEt1OJPG/yTMIANz2mF+Fag/ArWlD4SZUWfrd
> A0AynLSC3JRCeEHhaJQKV5W1eWsvI+tqxLAcU9BDRzgwCtb4Ru2zYfds4QNnNwK/
> pj+h6Xp0LMF/1qp9fQrUZK22qrtwghY1/V87hT+DojilJJhCOJrzUYbjsU9KxKAy
> I9K8blvZng7rCZRQduqugft3Tp6ASEbylKOgxqHT6eKF1JcWutys8HIlPm9T7X2r
> SccRsi7WkVmxJPpwBuIYA3CfN6pakZ1vkAXX2rg/6BMFUm9NfQfPg+X1Wo3edprr
> 8qfLaic/yc9rAx87oCLvJv8tPgeVbd1i+W0cGQVg4DaBi/DHI0o+/1+CsC5wit4=
> =NZGf
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users
> worldwide. Take advantage of special opportunities to increase revenue and
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100824/42fa4797/attachment.html>


More information about the Snort-users mailing list