Snort mailing list archives

Re: BASE rule display


From: John Gay <john.gay () sourcefire com>
Date: Wed, 18 Nov 2009 10:04:55 -0500

Make a subdirectory under base called rules and copy the rule files from
snort to there.  A link will appear with the other references in the
analysis views in base called rules.  This will show you the text of the
rule that triggered the alert.




On Wed, Nov 18, 2009 at 9:47 AM, Joel Esler <jesler () sourcefire com> wrote:

On Tue, Nov 17, 2009 at 9:36 PM, Jefferson, Shawn <
Shawn.Jefferson () bcferries com> wrote:

What do you mean exactly?  Base already has two methods of bringing up
rule details.  There is a link to the rules .txt file and also you can link
to the rule itself (actually you copy the rules into a directory that the
base config points to).  This second method seems to do a grep and returns
the full rule text when you click on [rule].  Is that what you wanted?


I think he means, when you bring up an alert, just have the rule text,
right there for display in the screen.

J




----- Original Message -----
From: firewalZ <firewalz () gmail com>
To: Snort-users () lists sourceforge net <Snort-users () lists sourceforge net>
Sent: Mon Nov 16 15:20:00 2009
Subject: [Snort-users] BASE rule display

I'm a bit new to Snort/Base and I'm wondering if there is a way to get BASE
to display the full text of a rule that fires an alert; this would
really help the learning process.

Thanks


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008
30-Day
trial. Simplify your report design, integration and deployment - and focus
on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





--
Joel Esler | 302-223-5974 | gtalk: jesler () sourcefire com



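Added example, not part of the original thread and not BASE's own code: a small Python lookup that approximates the [rule] link described above by searching the copied rule files for a sid and returning the full rule text, including multi-line and commented-out rules. The function names, the directory layout and the sample rules are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# The sid option inside a rule's option list, e.g. "sid:1000001;" or "sid: 1000001 ;"
SID_RE = re.compile(r"[(;]\s*sid\s*:\s*(\d+)\s*;")
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")

def iter_rules(path):
    """Yield (first_line_no, enabled, rule_text) for each rule in one rules file.
    Backslash-continued lines are joined; "# alert ..." counts as a disabled rule."""
    buf, start = [], 0
    for n, raw in enumerate(Path(path).read_text(errors="replace").splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        text = " ".join(buf + [line])
        buf = []
        body = text.lstrip("#").strip()
        words = body.split(None, 1)
        if words and words[0] in ACTIONS and "(" in body:
            yield start, not text.startswith("#"), body

def find_rule(rules_dir, sid):
    """Return every rule carrying this sid in *.rules files under rules_dir."""
    hits = []
    for f in sorted(Path(rules_dir).glob("*.rules")):
        for line_no, enabled, text in iter_rules(f):
            m = SID_RE.search(text)
            if m and int(m.group(1)) == int(sid):
                hits.append({"file": f.name, "line": line_no,
                             "enabled": enabled, "rule": text})
    return hits

def demo():
    # Constructed sample rules with local-range sids, not from any real rule set.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "local.rules").write_text(
            '# constructed example rules\n'
            'alert tcp any any -> any 80 (msg:"EXAMPLE test one"; \\\n'
            '    content:"test"; sid:1000001; rev:1;)\n'
            '# alert icmp any any -> any any (msg:"EXAMPLE off"; sid:1000002; rev:1;)\n')
        return find_rule(d, 1000001), find_rule(d, 1000002), find_rule(d, 1000003)

if __name__ == "__main__":
    for hits in demo():
        print(hits)
```

The enabled flag shows whether the matching rule is commented out in the copied file, which helps when the copy under the BASE directory has drifted from the rule set the sensor is actually running.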
