Snort mailing list archives
RE: BASE Feature Suggestion to Display Rule Source
From: "McCash, John" <John.McCash () andrew com>
Date: Fri, 7 Oct 2005 08:37:01 -0500
Alex,

Woo! Woo!! Thanks loads. This works great, once you fix the typo that refers to base_constants.inc.pnp instead of base_constants.inc.php. Also, I'd think you'd want it to pop a separate window, rather than load in the current one, as all of the other signature reference links do. Please don't think I'm throwing rocks. I'm not. This is great, and I'm using it now. I salaam in your general direction :-)

Much Appreciation
John

-----Original Message-----
From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher () bristol ac uk]
Sent: Friday, September 16, 2005 3:42 AM
To: McCash, John; snort-users () lists sourceforge net
Subject: Re: [Snort-users] BASE Feature Suggestion to Display Rule Source

--On 15 September 2005 18:18 -0500 "McCash, John" <John.McCash () andrew com> wrote:
> From the BASE config file, it looks like the <snort> tag is more or less
> just forwarded to the sourcefire URL with a sid number, and the resultant
> page is displayed. It strikes me (as a non PHP programmer, no flames
> please) that it should not be terribly difficult to have BASE instead
> display a web page with two frames, and put the sourcefire stuff in one,
> while simultaneously displaying the full text of the referenced rule
> (pulled from a locally maintained copy of all rules in use) in the other.
Indeed - I did this for my local copy of ACID about a year ago. I ported my patch to BASE a few weeks back. Kevin basically liked it, but wanted to tweak it slightly to allow the location of the rules to be modified. I guess it might show up in the next release. I've attached my patch against 1.1.4, FWIW.
John
Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
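The lookup discussed in this thread (showing the full text of the rule for a given sid, pulled from a locally maintained copy of the rules) can be sketched as below. This is an added example, not Alex's patch and not BASE code; it is written in Python rather than BASE's PHP, and the sample rules, sids and function names are constructed for illustration.

```python
import html
import re

# Constructed sample of a local rules file (illustrative, not from the thread).
SAMPLE_RULES = r'''
# disabled rule, still worth showing to the analyst
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE <script> in URI"; \
    content:"<script>"; nocase; sid:1000002; rev:3;)
alert udp any any -> any 53 (msg:"EXAMPLE dns"; sid:10000020; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def logical_lines(text):
    """Join backslash-continued lines so each rule is one string."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def find_rule(rules_text, sid):
    """Return the rule whose sid option equals `sid` exactly, or None."""
    # The sid arrives from a URL parameter, so accept plain digits only.
    if not re.fullmatch(r"[0-9]{1,10}", str(sid)):
        raise ValueError("sid must be a decimal integer")
    wanted = int(sid)
    for line in logical_lines(rules_text):
        m = SID_RE.search(line)
        if m and int(m.group(1)) == wanted:  # 1000002 must not match 10000020
            return line
    return None

def render_rule(rules_text, sid):
    """HTML fragment for the rule pane; rule text is escaped before display."""
    rule = find_rule(rules_text, sid)
    if rule is None:
        return "<p>No local rule with sid %d</p>" % int(sid)
    return "<pre>%s</pre>" % html.escape(rule)
```

Escaping matters here because rule bodies routinely contain markup-like content strings, which would otherwise be interpreted by the analyst's browser.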