RE: BASE Feature Suggestion to Display Rule Source

["Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>]

Hi John -

--On 07 October 2005 08:37 -0500 "McCash, John" <John.McCash () andrew com> 
wrote:

> Alex,
>         Woo! Woo!! Thanks loads. This works great, once you fix the typo
> that refers to base_constants.inc.pnp instead of base_constants.inc.php.

Oops! Mea culpa!

Kevin, this isn't in base-php4 CVS yet, so before you apply these patches, 
please check that you don't include that typo before you do. ;-)

> Also, I'd think you'd want it to pop a separate window, rather than load
> in the current one, as all of the other signature reference links do.
> Please don't think I'm throwing rocks. I'm not. This is great, and I'm
> using it now. I salaam in your general direction :-)

Easy enough to do; just add

       TARGET="_ACID_RULE_"

or something to the URL on line 275 of includes/base_signature.inc

>                 Much Appreciation
>                         John

HTH,
Alex.

> -----Original Message-----
> From: Alex Butcher, ISC/ISYS [mailto:Alex.Butcher () bristol ac uk]
> Sent: Friday, September 16, 2005 3:42 AM
> To: McCash, John; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] BASE Feature Suggestion to Display Rule
> Source
>
>
>
> --On 15 September 2005 18:18 -0500 "McCash, John"
> <John.McCash () andrew com>
> wrote:
>
> >         From the BASE config file, it looks like the <snort> tag is more
> > or less just forwarded to the sourcefire URL with a sid number, and
> the
> > resultant page is displayed. It strikes me (as a non PHP programmer,
> no
> > flames please) that it should not be terribly difficult to have BASE
> > instead display a web page with two frames, and put the sourcefire
> stuff
> > in one, while simultaneously displaying the full text of the
> referenced
> > rule (pulled from a locally maintained copy of all rules in use) in
> the
> > other.
>
> Indeed - I did this for my local copy of ACID about a year ago. I ported
> my
> patch to BASE a few weeks back. Kevin basically liked it, but wanted to
> tweak it slightly to allow the location of the rules to be modified.
>
> I guess it might show up in the next release.
>
> I've attached my patch against 1.1.4, FWIW.
>
> >                 John
>
> Best Regards,
> Alex.



--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users