[Snort-users] Linking rules in BASE

Kun, Mike mkun at ...6382...
Tue Aug 24 13:02:10 EDT 2010


I'll see what I can get for you

> -----Original Message-----
> From: JJC [mailto:cummingsj at ...11827...]
> Sent: Tuesday, August 24, 2010 12:00 PM
> To: Jefferson, Shawn
> Cc: Kun, Mike; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Linking rules in BASE
> 
> Looks like I'll have to set up BASE to see exactly what you are talking 
> about here... I suspect it's the rules .txt files that contain the 
> rule documentation that BASE is looking for, but I'm not exactly sure 
> since I don't use BASE. Do you have a screenshot/pastebin or 
> something that I can have a quick look at?
> 
> 
> On Tue, Aug 24, 2010 at 9:47 AM, Jefferson, Shawn 
> <Shawn.Jefferson at ...14448...> wrote:
> 
> 
> 	Hi,
> 
> 	I am copying the snort.rules and emerging.rules files, yes.  Is the
> 	rule sid that you are trying to look up even in that directory?
> 	Also, check the permissions/ownership on the file; that may also be an
> 	issue (I think I had that issue when I first set this up).
> 
> 
> 
> 
> 	-----Original Message-----
> 	From: Kun, Mike [mailto:mkun at ...6382...]
> 
> 	Sent: Tuesday, August 24, 2010 8:43 AM
> 	To: Jefferson, Shawn; snort-users at lists.sourceforge.net
> 	Subject: RE: Linking rules in BASE
> 
> 	Are you copying the snort.rules file?
> 	I tried that on my install, but I'm still getting the same error.
> 	It looks to me like BASE can't query the snort.rules file correctly.
> 
> 	-Mike
> 
> 
> 	> -----Original Message-----
> 	> From: Jefferson, Shawn [mailto:Shawn.Jefferson at ...14448...]
> 	> Sent: Tuesday, August 24, 2010 11:39 AM
> 	> To: Kun, Mike; snort-users at lists.sourceforge.net
> 	> Subject: RE: Linking rules in BASE
> 	>
> 	> Hi,
> 	>
> 	> I have a cron job that copies the text rule files from the location
> 	> pulledpork puts them into the base www directory.  Seems to work for
> 	> me.
> 	>
> 	> -----Original Message-----
> 	> From: Kun, Mike [mailto:mkun at ...6382...]
> 	> Sent: Tuesday, August 24, 2010 8:13 AM
> 	> To: snort-users at lists.sourceforge.net
> 	> Subject: [Snort-users] Linking rules in BASE
> 	>
> 	> Is there a way to get the "rule" links working when using pulledpork
> 	> to pull in a snort.rules file?
> 	> When I symlink BASE to the file I get " ERROR: Could not find
> 	> "sig:XXXXX;" in directory "rules/"."
> 	> In that directory is the snort.rules file that pulledpork created.
> 	> Any advice?
> 	>
> 	> -Mike
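
The two checks suggested in the quoted replies (is the sid present in the rules directory, and can the file be read), as an added shell example that is not part of the original thread. The directory, file names and rule text are constructed, and the world-readable test assumes the web server account is neither owner nor group of the rule files.

```shell
#!/bin/sh
# Added example (not from the thread). Directory layout, file names and
# rule text are constructed; the "world-readable" test assumes the web
# server account is neither owner nor group of the rule files.

# check_sid DIR SID -> 0 found and readable, 1 sid absent,
#                      2 found but not world-readable, 3 no *.rules files
check_sid() {
    cs_dir=$1; cs_sid=$2; cs_seen=0; cs_rc=1
    case $cs_sid in ''|*[!0-9]*) echo "sid must be numeric" >&2; return 64 ;; esac
    for cs_f in "$cs_dir"/*.rules; do
        [ -f "$cs_f" ] || continue      # -f follows symlinks, skips dangling ones
        cs_seen=1
        # exact option match: "sid:2001;" must not match "sid:20010;"
        grep -Eq "(^|[^[:alnum:]_])sid:[[:space:]]*${cs_sid}[[:space:]]*;" "$cs_f" || continue
        if [ -n "$(find -L "$cs_f" -perm -004)" ]; then
            echo "ok: sid $cs_sid found in $cs_f"
            return 0
        fi
        echo "perm: sid $cs_sid is in $cs_f, but the file is not world-readable"
        cs_rc=2
    done
    [ "$cs_seen" -eq 1 ] || { echo "empty: no *.rules files in $cs_dir"; return 3; }
    [ "$cs_rc" -eq 2 ] || echo "missing: sid $cs_sid not in any *.rules file in $cs_dir"
    return "$cs_rc"
}

# Constructed demo: one world-readable rules file, one owner-only file.
demo=$(mktemp -d)
printf '%s\n' 'alert tcp any any -> any 80 (msg:"constructed rule A"; sid:2001; rev:1;)' > "$demo/snort.rules"
printf '%s\n' 'alert tcp any any -> any 25 (msg:"constructed rule B"; sid:20010; rev:1;)' > "$demo/emerging.rules"
chmod 644 "$demo/snort.rules"; chmod 600 "$demo/emerging.rules"
check_sid "$demo" 2001  || echo "status $?"
check_sid "$demo" 20010 || echo "status $?"
check_sid "$demo" 999   || echo "status $?"
```
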