Snort mailing list archives

Re: Rule Management for Snort

From: "Alex Pinheiro Machado Rodrigues" <alex () bsbnet com>
Date: Tue, 26 Feb 2002 14:21:46 -0300

Hello Mark. If you add "drop" action into your software, it will be useful
while using with hogwash,ok?
Thanks.
Alex


----- Original Message -----
From: "Mark Vevers" <mark () ifl net>
To: <snort-users () lists sourceforge net>
Sent: Tuesday, February 26, 2002 12:54 PM
Subject: [Snort-users] Rule Management for Snort


Hi,

For those of you who use ACID and have alternative monitoring arrangements
to Demarc for your network, but would like centralized rule management
for Snort I have written a small PHP addon - RuleMANagaer for Snort:

Main Features:
    Multiple Sensors with different rule sets (managed by rule group).
    Ruleset merging from latest snort rules or your own rulesets.
    Automatic sensor update and snort-restart.
    Rule Editing and Creation.
    Uses central snort MySQL Database.
    Open Source GPL License.

The software is currently at 0.0.2 alpha stage, but is used in a real live
environment to control a group of sensors.

    URL: http://rman.sourceforge.net
    Project URL : http://sourceforge.net/projects/rman

The next stage is to add variable management and rule filters to allow
sensors to pick up their variables from the db and vary them by
sensor-rulegroup combinations.

If you want to contribute to the project please let me know.  Any comments
etc. welcome.   The more feedback I get the more I'll work on the code!
I hope some people may find it of use.

Regards,

Mark Vevers

--
Mark Vevers.    mark () ifl net / mvevers () rm com
Internet Backbone Engineering Team
Internet for Learning, Research Machines Plc
Tel: +44 1235 823380,   Fax: +44 1235 823424



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Rule Management for Snort Mark Vevers (Feb 26)
- Re: Rule Management for Snort Alex Pinheiro Machado Rodrigues (Feb 26)
- <Possible follow-ups>
- Re: Rule Management for Snort Mark Vevers (Feb 26)