RE: New snort rule lookup

[John Hally <JHally () epnet com>]

Thanks Frank,

At some point I'll probably look at hacking snortcenter2 to do it for me,
til then, grep it is.

Thanks!

-----Original Message-----
From: Frank Knobbe [mailto:frank () knobbe us] 
Sent: Monday, March 28, 2005 4:45 PM
To: John Hally
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] New snort rule lookup

On Mon, 2005-03-28 at 16:06 -0500, John Hally wrote:
> I noticed that the new rule lookup doesn't have the actual rule syntax
> included as it did before.  Was this planned?  I found that helped a
> LOT when trying to determine if the alert was malicious or not.

Heya John!

My guess would be that the web site is not able to distinguish between
the GPL rules and the VRT rules. Thus the web site does not display the
actual rules anymore. As you recall, you have to sign up for the VRT
rules.

That said, "grep 'sid:1234567' *.rules" works just as well. Just take a
look at the Snort rule themselves.

Cheers,
Frank



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users