Snort mailing list archives
Re: Rule Managment Tool
From: roman () danyliw com
Date: Thu, 10 May 2001 09:44:45 US/Eastern
Could be an extension to acid... Yes I know, it's just analysis. But it could be a cool feature.
Indeed a nice management tool, but as you said not quite analysis. I have no issues with including such functionality (and integrating the actual rules would be nice), but other features are currently taking priority for now.
Another thing that could be interesting is to have a parser to include checkpoint FW1 & pix logs to snort-acid-db...
There is definitely some prior art here. Look at logsnorter (in the Snort downloads section) by Jason Haar:

<quote>
This perl script scans syslog messages (typically in real-time), picks up any "reject packet" messages generated by Ciscos or Linux ipfw/ipchains and logs them into your central Snort SQL database. This allows you to "expand" the reach of snort without having to put snort out into weird areas - like in front of your perimeter router/firewall...
</quote>

cheers,
Roman
On Thu, 10 May 2001, Cedric Guillotin wrote:

Since I found ACID very interesting to manage logs, I was wondering if I could find a tool to manage rules to get a complete control over snort. I'm looking for a tool with the following functionalities:

- manage rule (store rules in db, sort rules, add, remove update)
- manage ruleset for each sensor (select active rules, deploy ruleset)

I've seen some scripts, but a frontend could be useful.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- ---
Alexandre J.D. Dulaunoy | "Engineering is the implementation of science;
AD993-RIPE | Politics is the implementation of faith".
http://www.foo.be/ | Another usenet quote...