Snort mailing list archives
Re: Linking rules in BASE
From: "Kun, Mike" <mkun () akamai com>
Date: Tue, 24 Aug 2010 13:02:10 -0400
I'll see what I can get for you

-----Original Message-----
From: JJC [mailto:cummingsj () gmail com]
Sent: Tuesday, August 24, 2010 12:00 PM
To: Jefferson, Shawn
Cc: Kun, Mike; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Linking rules in BASE

Looks like I'll have to set up BASE to see exactly what you are talking about here... I suspect it's the rules .txt files that contain the rule documentation that BASE is looking for, but I'm not exactly sure since I don't use BASE.. do you have a screenshot/pastebin or something that I can have a quick look at..

On Tue, Aug 24, 2010 at 9:47 AM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

Hi,

I am copying the snort.rules and emerging.rules files, yes. Is the rule sid that you are trying to look up even in that directory? Also, check the permissions/ownership on the file, that may also be an issue (I think I had that issue when I first set this up.)

-----Original Message-----
From: Kun, Mike [mailto:mkun () akamai com]
Sent: Tuesday, August 24, 2010 8:43 AM
To: Jefferson, Shawn; snort-users () lists sourceforge net
Subject: RE: Linking rules in BASE

Are you copying the snort.rules file? I tried that on my install, but I'm still getting the same error. It looks to me like BASE can't query the snort.rules file correctly

-Mike

> -----Original Message-----
> From: Jefferson, Shawn [mailto:Shawn.Jefferson () bcferries com]
> Sent: Tuesday, August 24, 2010 11:39 AM
> To: Kun, Mike; snort-users () lists sourceforge net
> Subject: RE: Linking rules in BASE
>
> Hi,
>
> I have a cron job that copies the text rule files from the location
> pulledpork puts them into the base www directory. Seems to work for
> me.
>
> -----Original Message-----
> From: Kun, Mike [mailto:mkun () akamai com]
> Sent: Tuesday, August 24, 2010 8:13 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Linking rules in BASE
>
> Is there a way to get the "rule" links working when using pulledpork
> to pull in a snort.rules file?
> When I symlink BASE to the file I get " ERROR: Could not find
> "sig:XXXXX;" in directory "rules/"."
> In that directory is the snort.rules file that pulledpork created.
> Any advice?
>
> -Mike
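The two checks suggested in the thread (is the sid actually present in the rules directory, and can the files be read) can be scripted; the following is an added example, not code from the thread or from BASE or pulledpork. The function names, the `*.rules` glob and the sample rule are assumptions made for illustration, and it also flags a symlink whose target is missing.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account the web server
# runs under, so the readability test reflects what that process can open.
#
# check_rule_dir DIR SID  -> prints one line per finding and returns
#   0 = sid found in a readable rule file
#   1 = sid not found in any readable rule file
#   2 = directory missing or not searchable, or sid not numeric
check_rule_dir() {
    dir=$1 sid=$2 found=1
    case $sid in ''|*[!0-9]*) echo "BADSID $sid"; return 2 ;; esac
    if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
        echo "NODIR $dir"
        return 2
    fi
    for f in "$dir"/*.rules; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "DANGLING $f"      # symlink whose target no longer exists
        elif [ ! -e "$f" ]; then
            continue                # glob matched nothing
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $f"    # permissions/ownership problem
        # Match the sid only on lines that are not commented out.
        elif grep -Eq "^[[:space:]]*[^#[:space:]].*sid:[[:space:]]*$sid;" "$f"; then
            echo "FOUND $f"
            found=0
        fi
    done
    return $found
}

# Constructed demo: a temporary directory holding one sample rule and one
# broken symlink (file names taken from the thread, contents made up).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001; rev:1;)' \
        > "$d/snort.rules"
    ln -s "$d/missing.rules" "$d/emerging.rules"
    check_rule_dir "$d" 1000001
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```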
Current thread:
- Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
- Re: Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
- Re: Linking rules in BASE JJC (Aug 24)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)
- Re: Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Kun, Mike (Aug 24)
- Re: Linking rules in BASE Paul Schmehl (Aug 24)
- Re: Linking rules in BASE Billy Marshall (Aug 24)
- Re: Linking rules in BASE waldo kitty (Aug 24)
- Re: Linking rules in BASE Nigel Houghton (Aug 24)
- Re: Linking rules in BASE waldo kitty (Aug 24)
- Re: Linking rules in BASE Nigel Houghton (Aug 25)
- Re: Linking rules in BASE Jefferson, Shawn (Aug 24)