[Snort-users] need help with Oinkmaster, ET snortsam rules (regexec Problem)

Stefan Sabolowitsch Stefan.Sabolowitsch at ...15167...
Sun Feb 27 06:05:37 EST 2011

Hi all,
I would like to change the snort rules (particularly ET snortsam Block rules) with Oinkmaster.
However, I do not have enough experience with regexec, unfortunately.

Examples (square bracket problem):
from "fwsam: src], 24 hours;)" to "fwsam: src[this], 24 hours;)"
from "fwsam: src[this], 24 hours;)" to "fwsam: src[this], 1 hours;)"

or add a complete new fwsam value to a "normal" existing snort rule with a new Block msg / txt

Thanks for your assistance and time.
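
The three rewrites asked about above, as an added example that is not part of the original post. It uses Python's `re` to show the bracket escaping (Oinkmaster itself is Perl, whose regex syntax treats `[` and `]` the same way); the sample rules, SIDs and function names are constructed for illustration.

```python
import re

# Constructed sample rules (not taken from any real rule set).
BROKEN = ('alert tcp any any -> any any (msg:"ET DROP test"; '
          'sid:1000001; rev:1; fwsam: src], 24 hours;)')
PLAIN = ('alert tcp any any -> any any (msg:"ET TEST plain"; '
         'sid:1000002; rev:1;)')


def fix_bracket(rule):
    """'fwsam: src], ...' -> 'fwsam: src[this], ...'."""
    # The "]" is escaped so it is always read as a literal character.
    # Brackets in the replacement string need no escaping.
    return re.sub(r'fwsam:\s*src\]', 'fwsam: src[this]', rule)


def set_duration(rule, hours):
    """Change only the number in 'fwsam: src[this], N hours;'."""
    # "[" opens a character class in a regex, so the literal "[this]"
    # must be written "\[this\]". \g<1> is used instead of \1 so the
    # digits of `hours` cannot be read as part of the group number.
    return re.sub(r'(fwsam:\s*src\[this\],\s*)\d+(\s+hours;)',
                  rf'\g<1>{hours}\g<2>', rule)


def add_block(rule, hours, new_msg):
    """Give a rule without fwsam a new msg and a fwsam option."""
    if 'fwsam:' in rule:
        return rule  # already a block rule, leave it alone
    # A function replacement keeps backslashes in new_msg literal.
    rule = re.sub(r'msg:\s*"[^"]*";', lambda m: f'msg:"{new_msg}";',
                  rule, count=1)
    # Insert the option just before the closing ")" of the rule.
    return re.sub(r'\)\s*$', f' fwsam: src[this], {hours} hours;)', rule)


if __name__ == '__main__':
    fixed = fix_bracket(BROKEN)
    print(fixed)
    print(set_duration(fixed, 1))
    print(add_block(PLAIN, 24, 'BLOCK ET TEST plain'))
```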