Snort mailing list archives
Re: BASE rule display
From: firewalZ <firewalz () gmail com>
Date: Wed, 18 Nov 2009 10:25:47 -0500
Thanks, I'll give that a try. I'm assuming then I will have to write a script that will update this file when I run oinkmaster. I figured that there was likely a way to do this manually (there is always a way with UNIX (FreeBSD Rules):), but I thought it would be nice to have this feature by default.

Thanks for the replies.

On Wed, Nov 18, 2009 at 10:04 AM, John Gay <john.gay () sourcefire com> wrote:

> Make a subdirectory under base called rules and copy the rule files from snort to there. A link will appear with the other references in the analysis views in base called rules. This will show you the text of the rule that triggered the alert.
>
> On Wed, Nov 18, 2009 at 9:47 AM, Joel Esler <jesler () sourcefire com> wrote:
>
>> On Tue, Nov 17, 2009 at 9:36 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:
>>
>>> What do you mean exactly? Base already has two methods of bringing up rule details. There is a link to the rules .txt file and also you can link to the rule itself (actually you copy the rules into a directory that the base config points to). This second method seems to do a grep and returns the full rule text when you click on [rule]. Is that what you wanted?
>>
>> I think he means, when you bring up an alert, just have the rule text, right there for display in the screen.
>>
>> J
>>
>>> ----- Original Message -----
>>> From: firewalZ <firewalz () gmail com>
>>> To: Snort-users () lists sourceforge net <Snort-users () lists sourceforge net>
>>> Sent: Mon Nov 16 15:20:00 2009
>>> Subject: [Snort-users] BASE rule display
>>>
>>> I'm a bit new to Snort/Base and I'm wondering if there is a way to get BASE to display the full text of a rule that fires an alert, this would really help the learning process.
>>>
>>> Thanks
>>
>> --
>> Joel Esler | 302-223-5974 | gtalk: jesler () sourcefire com

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now.
http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
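
The copy step described in the thread, written as a script that can be run after each rule update. This is an added example, not code from the thread or from the BASE or Snort projects; the two default paths and the function names `sync_base_rules` and `rule_text` are assumptions.

```shell
#!/bin/sh
# Added example: mirror Snort rule files into BASE's rules/ subdirectory.
# Both default paths are assumptions; set them for your install.
SNORT_RULES="${SNORT_RULES:-/usr/local/etc/snort/rules}"
BASE_RULES="${BASE_RULES:-/usr/local/www/base/rules}"

# Copy every *.rules file from $1 to $2, delete copies whose source file
# is gone, and leave the copies read-only (they sit under the web root).
sync_base_rules() {
    src=$1 dst=$2
    [ -d "$src" ] || { echo "no such rules dir: $src" >&2; return 1; }
    mkdir -p "$dst" || return 1
    for f in "$src"/*.rules; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        tmp="$dst/.$name.tmp"
        # Write under a temporary name, then rename, so a reader of the
        # directory never sees a half-copied rule file.
        rm -f "$tmp"
        cp "$f" "$tmp" && chmod 444 "$tmp" && mv -f "$tmp" "$dst/$name" ||
            return 1
    done
    for f in "$dst"/*.rules; do
        [ -f "$f" ] || continue
        [ -f "$src/$(basename "$f")" ] || rm -f "$f"
    done
}

# Print the full text of the rule with signature ID $2 from the copies in
# $1, the same grep-style lookup the thread describes behind the rule link.
rule_text() {
    case $2 in ''|*[!0-9]*) echo "sid must be numeric" >&2; return 2 ;; esac
    grep -h -E "sid:[[:space:]]*$2;" "$1"/*.rules
}

# Typical use, once the rule update has finished:
#   sync_base_rules "$SNORT_RULES" "$BASE_RULES"
```

Only `*.rules` files are copied, so other files in the Snort rules directory are not exposed through the web server.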