Snort mailing list archives
Re: Snort rule lookup from ACID
From: Jeff Kell <jeff-kell () utc edu>
Date: Wed, 16 Mar 2005 10:17:07 -0500
Duran, Randy wrote:
I have not seen an answer to this question so I'll post the solution
which I found on the support forum on snort.org for the benefit of those who haven't looked there yet.
In acid_conf.php change the line that reads:
"snort" => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
change it to:
"snort" => array("http://www.snort.org/pub-bin/sigs.cgi?sid=", ""),
On a more general note, does it bother anyone else that the "new" snort rule documentation no longer shows the signature?
Often when I get questionable alerts, I want to see what made the rule fire. Surely there has to be a better alternative than grepping the rules file on the sensor. Can't you allow something like the 'oink code' logic to let the new HTML page render the rule itself?
Jeff (who got his oink code to work to get rules, now wishing I could properly display the docs as before)
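Added example, not part of the original post and not code from Snort or ACID: a small Python lookup that returns the full rule text for a SID from a rules file, as a local alternative to grepping when you want to see what made a rule fire. It joins backslash-continued rules, matches the SID exactly (a plain grep for sid:100000 would also hit sid:1000001), and reports whether the rule is commented out; the sample rules, SIDs and function names are constructed for illustration.

```python
import re

# Constructed sample rules file (illustrative rules and SIDs, not real Snort signatures).
SAMPLE_RULES = r'''
# local test rules
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; \
    content:"/example.cgi"; nocase; \
    sid:1000001; rev:2;)
# alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE ping"; sid:100000; rev:1;)
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
# A rule line starts with a rule action, optionally commented out with '#'.
RULE_RE = re.compile(r'^(#\s*)?(alert|log|pass|drop|reject|sdrop|activate|dynamic)\s')


def join_continuations(text):
    """Yield logical lines, merging physical lines that end in a backslash."""
    buf = ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("\\"):
            buf += stripped[:-1].rstrip() + " "
        else:
            yield (buf + stripped).strip()
            buf = ""
    if buf:
        yield buf.strip()


def find_rule(text, sid):
    """Return (rule_text, enabled) for an exact SID match, or None if absent."""
    for line in join_continuations(text):
        header = RULE_RE.match(line)
        if not header:
            continue  # plain comment or blank line
        found = SID_RE.search(line)
        if found and int(found.group(1)) == sid:
            enabled = header.group(1) is None
            rule = line if enabled else line.lstrip("# ")
            return rule, enabled
    return None


if __name__ == "__main__":
    for wanted in (1000001, 100000, 1000002, 42):
        print(wanted, "->", find_rule(SAMPLE_RULES, wanted))
```

To use it against a sensor's rules, read each rules file into a string and pass it to find_rule in place of SAMPLE_RULES.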