Re: Linking rules in BASE

[JJC <cummingsj () gmail com>]

Looks like I'll have to setup BASE to see exactly what you are talking about
here... I suspect it's the rules .txt files that contain the rule
documentation that BASE is looking for, but I'm not exactly sure since I
don't use BASE.. do you have a screenshot/pastebin or something that I can
have a quick look at..

On Tue, Aug 24, 2010 at 9:47 AM, Jefferson, Shawn <
Shawn.Jefferson () bcferries com> wrote:

> Hi,
>
> I am copying the snort.rules and emerging.rules files, yes.  Is the rule
> sid that you are trying to lookup even in that directory?  Also, check the
> permissions/ownership on the file, that may also be an issue (I think I had
> that issue when I first set this up.)
>
>
>
> -----Original Message-----
> From: Kun, Mike [mailto:mkun () akamai com]
> Sent: Tuesday, August 24, 2010 8:43 AM
> To: Jefferson, Shawn; snort-users () lists sourceforge net
> Subject: RE: Linking rules in BASE
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Are you copying the snort.rules file?
> I tried that on my install, but I'm still getting the same errer. It looks
> to me like BASE can't query the snort.rules file correctly
>
> - -Mike
>
>
> > -----Original Message-----
> > From: Jefferson, Shawn [mailto:Shawn.Jefferson () bcferries com]
> > Sent: Tuesday, August 24, 2010 11:39 AM
> > To: Kun, Mike; snort-users () lists sourceforge net
> > Subject: RE: Linking rules in BASE
> >
> > Hi,
> >
> > I have a cron job that copies the text rule files from the location
> > pulledpork puts them into the base www directory.  Seems to work for
> > me.
> >
> > -----Original Message-----
> > From: Kun, Mike [mailto:mkun () akamai com]
> > Sent: Tuesday, August 24, 2010 8:13 AM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] Linking rules in BASE
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Is there a way to get the "rule" links working when using pulledpork
> > to pull in a snort.rules file?
> > When I symlink BASE to the file I get " ERROR: Could not find
> > "sig:XXXXX;" in directory "rules/"."
> > In that directory is the snort.rules file the pulledpork created.
> > Any advice?
> >
> > - -Mike
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (MingW32)
> > Comment: Using GnuPG with OutlookGnuPG v1.2.3667
> >
> > iQEcBAEBAgAGBQJMc+FuAAoJEMhWEt1OJPG/OBAIAKaIHlg4t9rp66DQ/3bz5Wz9
> > tAmdHku8qcRFNkzUPGHs8xBZRpHYdsMM8Rlo6byjJjQXQEMN8URroGRKjaatRoF3
> > wSIfmWSJfCgSH9bap53qRGJmXmKjNX1Qm3EPiL5ixrEjiFcucdJ3FcD5HU0EZcOB
> > vxjWUDxBtqCyLMXGy2v2rH3WYqX5E6ktCyZvC8tj8vDrWLjxO4hBmsOm7SPbdKxr
> > hUql6VyMC8uRQ468N4Ji0HMBq0njHK8Z540wkGyjMN+HuBvK7Jh0te+YbtCVepPS
> > Hd4thQXKSfD72tsUL7UJ9RIBSARpu2BOxRE/ca8TiLgGMslslqCaruKDVv7yyOc=
> > =NBBe
> > -----END PGP SIGNATURE-----
> >
> > ----------------------------------------------------------------------
> > -
> > -------
> > Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> > Be part of this innovative community and reach millions of netbook
> > users worldwide. Take advantage of special opportunities to increase
> > revenue and speed time-to-market. Join now, and jumpstart your future.
> > http://p.sf.net/sfu/intel-atom-d2d
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with OutlookGnuPG v1.2.3667
>
> iQEcBAEBAgAGBQJMc+iUAAoJEMhWEt1OJPG/yTMIANz2mF+Fag/ArWlD4SZUWfrd
> A0AynLSC3JRCeEHhaJQKV5W1eWsvI+tqxLAcU9BDRzgwCtb4Ru2zYfds4QNnNwK/
> pj+h6Xp0LMF/1qp9fQrUZK22qrtwghY1/V87hT+DojilJJhCOJrzUYbjsU9KxKAy
> I9K8blvZng7rCZRQduqugft3Tp6ASEbylKOgxqHT6eKF1JcWutys8HIlPm9T7X2r
> SccRsi7WkVmxJPpwBuIYA3CfN6pakZ1vkAXX2rg/6BMFUm9NfQfPg+X1Wo3edprr
> 8qfLaic/yc9rAx87oCLvJv8tPgeVbd1i+W0cGQVg4DaBi/DHI0o+/1+CsC5wit4=
> =NZGf
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
> Be part of this innovative community and reach millions of netbook users
> worldwide. Take advantage of special opportunities to increase revenue and
> speed time-to-market. Join now, and jumpstart your future.
> http://p.sf.net/sfu/intel-atom-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users