Snort mailing list archives
need help with Oinkmaster, ET snortsam rules (regexec Problem)
From: Stefan Sabolowitsch <Stefan.Sabolowitsch () felten-group com>
Date: Sun, 27 Feb 2011 11:05:37 +0000
Hi all,

I would like to change the snort rules (particularly ET snortsam Block rules) with Oinkmaster. However, I do not have enough experience with regexec, unfortunately.

Examples (square bracket problem):

from "fwsam: src], 24 hours;)" to "fwsam: src[this], 24 hours;)"

from "fwsam: src[this], 24 hours;)" to "fwsam: src[this], 1 hours;)"

or add a complete new fwsam value to a "normal" existing snort rule with a new Block msg / txt.

Thanks for your assistance and time.

Stefan
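The three rewrites asked about above, as an added example that is not part of the original post: the square brackets are regex metacharacters and must be backslash-escaped in the pattern, while the replacement text takes them literally. The sample rules, SIDs and function names are constructed for illustration; the patterns use only syntax that Python shares with the Perl regular expressions Oinkmaster's `modifysid` directive accepts.

```python
import re

# Constructed sample rules (placeholder SIDs, not real ET signatures).
BROKEN = ('alert ip $EXTERNAL_NET any -> $HOME_NET any '
          '(msg:"SAMPLE block rule"; sid:9000001; rev:1; fwsam: src], 24 hours;)')
PLAIN = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 22 '
         '(msg:"SAMPLE ssh scan"; sid:9000002; rev:1;)')

# (pattern, replacement) pairs. '[' and ']' are escaped in the pattern only;
# in the replacement string they are ordinary characters.
FIX_BRACKET = (r'fwsam:\s*src\],', 'fwsam: src[this],')
SET_ONE_HOUR = (r'fwsam:\s*src\[this\],\s*24 hours;',
                'fwsam: src[this], 1 hours;')


def rewrite(rule, pattern, replacement):
    """Apply one substitution; the rule comes back unchanged if nothing matches."""
    return re.sub(pattern, replacement, rule, count=1)


def add_block(rule, new_msg, fwsam='fwsam: src[this], 24 hours;'):
    """Give a rule that has no fwsam option a new msg text and a block option."""
    if re.search(r'\bfwsam:', rule):
        return rule  # already a block rule; do not append a second option
    # Replace the msg text (functions as replacements avoid escape processing).
    rule = re.sub(r'msg:\s*"[^"]*";',
                  lambda m: 'msg:"%s";' % new_msg, rule, count=1)
    # Insert the option just before the parenthesis that closes the rule body.
    return re.sub(r'\)\s*$', lambda m: ' %s)' % fwsam, rule, count=1)


if __name__ == '__main__':
    fixed = rewrite(BROKEN, *FIX_BRACKET)
    print(fixed)
    print(rewrite(fixed, *SET_ONE_HOUR))
    print(add_block(PLAIN, 'BLOCK ssh scan'))
```

Testing each pattern against a copy of the rule file before putting it into the Oinkmaster configuration shows whether it matches only the rules intended.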