Re: Rule Managment Tool

[roman () danyliw com]

> Could be an extension to acid... Yes I know, it's just analysis. But it
> could be a cool feature. 

Indeed a nice management tool, but as you said not quite analysis.
I have no issues with including such functionality (and
intergrating the actual rules would be nice), but other features
are currently taking priority for now.  

> Another thing that could be interesting is to have a parser to include
> checkpoint FW1 & pix logs to snort-acid-db... 

There is definitely some prior art here.  Look at logsnorter
(in the Snort downloads section) by Jason Haar:

<quote>
This perl script scans syslog messages (typically in real-time),
picks up any "reject packet" messages generated by Ciscos or
Linux ipfw/ipchains and logs them into your central Snort SQL
database. This allows you to "expand"  the reach of snort 
without having to put snort out into wierd areas - like
in front of your perimeter router/firewall...
</quote>

cheers,
Roman

> On Thu, 10 May 2001, Cedric Guillotin wrote:
>
> > Since I found ACID very interesting to manage logs, I was wondering if I
> > could find a tool to manage rules to get a complete control over snort.
> >
> > I'm looking for a tool with the following functionnalities:
> >
> >     - manage rule (store rules in db, sort rules, add, remove update)
> >     - manage ruleset for each sensor (select active rules, deploy ruleset)
> >
> > I've seen some scripts, but a frontend could be usefull.
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> -- 
> ---
> Alexandre J.D. Dulaunoy  | "Engineering is the implementation of science;
> AD993-RIPE               | Politics is the implementation of faith".
> http://www.foo.be/       |                      Another usenet quote...
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users