Snort mailing list archives

Script to transition rules from 1.8 to 1.9


From: "Crow, Owen" <Owen_Crow () bmc com>
Date: Fri, 3 Jan 2003 10:55:04 -0600

I finally got around to updating to 1.9.  I've spent months (or is it
years now?) trimming the 1.8 rules to eliminate false positives in my
environment.  I didn't want to lose my changes and most especially my
comments in the rules files.  I've been using IDS Policy Manager from
Activeworx (www.activeworx.com) to manage the rules and it puts a comment on
the line before a rule if the user provides one.

Attached is the very rough Perl script I used to scan the old rules for
their enabled/disabled state and associated comments.  It then
enables/disables the corresponding 1.9 rule and adds in the comments.  Lots
could be done to make this work for non-IDSPM comments, non-regular rule
layouts, etc., if someone has the time.

Now I can go through and try re-enabling some of the old rules to see if the
1.9 extensions have improved their accuracy.

Worked for me but use at your own risk.  Oh, I haven't been reading the list
for a while, so my apologies if a better script of this type has already
been posted.

Regards,
Owen Crow
Systems Programmer (Unix)
BMC Software, Inc.

 <<snort-1.8-1.9.pl>> 

Attachment: snort-1.8-1.9.pl
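
The approach described in the message, as an added Python example that is not the attached Perl script. It assumes rules are matched between versions by `sid`, that a disabled rule is a rule line prefixed with `#`, and that a rule's comment is the `#` line directly above it; the function names and sample rules are constructed for illustration.

```python
import re

# A rule line, optionally commented out: "# alert tcp ... (...; sid:N; ...)"
RULE_RE = re.compile(r'^\s*(#\s*)?((?:alert|log|pass|activate|dynamic)\s.*\(.*\))\s*$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rule(line):
    """Return (sid, enabled, rule_text) for a rule line, else None."""
    m = RULE_RE.match(line)
    sid = SID_RE.search(m.group(2)) if m else None
    if not sid:
        return None
    return int(sid.group(1)), m.group(1) is None, m.group(2)

def scan_old(lines):
    """Map sid -> (enabled, comment) from the tuned old rules."""
    state, prev = {}, None
    for line in lines:
        rule = parse_rule(line)
        if rule:
            state[rule[0]] = (rule[1], prev)
            prev = None
        else:
            # Remember only a comment line; a disabled rule never lands here.
            text = line.strip()
            prev = text if text.startswith('#') else None
    return state

def migrate(old_lines, new_lines):
    """Apply the old enabled/disabled state and comments to the new rules."""
    state = scan_old(old_lines)
    out = []
    for line in new_lines:
        rule = parse_rule(line)
        if rule is None or rule[0] not in state:
            out.append(line.rstrip('\n'))  # not a rule, or new in this release
            continue
        enabled, comment = state[rule[0]]
        if comment and (not out or out[-1] != comment):
            out.append(comment)            # carry the note over once
        out.append(rule[2] if enabled else '# ' + rule[2])
    return out

# Constructed sample rules (sids from the local range, not real signatures).
OLD = ['# noisy from the monitoring hosts',
       '# alert icmp any any -> any any (msg:"sample ping"; sid:1000001; rev:1;)',
       'alert tcp any any -> any 80 (msg:"sample web"; sid:1000002; rev:1;)']
NEW = ['alert icmp any any -> any any (msg:"sample ping"; itype:8; sid:1000001; rev:2;)',
       '# alert tcp any any -> any 80 (msg:"sample web"; sid:1000002; rev:2;)',
       'alert tcp any any -> any 21 (msg:"sample ftp"; sid:1000003; rev:1;)']
```

Rules that exist only in the new set keep their shipped state, so they still need a manual review pass after the merge.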