Editing snort rules
-
Attach your changes as diffs against the latest versions of the the files that you changed here.
I guess Scott is real busy to be working on this right now, so here are the files along with the diffs in case someone else can merge them.
For those of you who wish to try this out, simply install the .php files into your /usr/local/www folder and the .xml files to the /usr/local/pkg folder. Let me know if you have any troubles.
This file is a zip file, rename it to .zip and extract.
I have not had a chance to address the issue regarding saving changes made. I will get to that though, will probably be after Christmas though.
-
Please make sure that you are on the latest snort files and then send me all the new files in their entirety and I will overwrite the files in CVS with these. I am quite busy on a major project (failover DNS) but can get these files commited.
-
Everyone, the files have been committed. If you reinstall the snort package it will install the necessary files.
-
Do I need to be running one of the more recent snapshots?
I'm getting 404 - Not Found when I browse to http://192.168.1.2/snort_rules.php
-
No, the snort package isn't downloading the files properly. Working on it right now.
-
I sent the corrected file to Scott. Soon as he gets them committed everything should be good to go.
Sorry for the confusion
-
Allright, everything should be good to go. Reinstall package and it will download the new files.
FYI, if you edit any rules, they will not take effect until snort is reloaded. Right now I don't have the pages reloading snort, but I am working on that. For now, once you've edited the rules you want to, just click save under Snort Categories or settings and that will reload the rules.
-
Yep, reinstalled and looking good
Great work sdale :)
-
Very nice job!!!!
In the SNORT rules tab under category what is the purpose of the drop down box. If I select a different rule in the drop down nothing happens. If I go to SNORT categories tab and select a rule to view, it then goes to the rules tab and it lists it in the drop down box with the rules displayed. Does this occur for anyone else?
-
When you change the drop down menu, it should refresh with the ruleset you selected. It's working for me.
-
Very nice job!!!!
In the SNORT rules tab under category what is the purpose of the drop down box. If I select a different rule in the drop down nothing happens. If I go to SNORT categories tab and select a rule to view, it then goes to the rules tab and it lists it in the drop down box with the rules displayed. Does this occur for anyone else?
Bah, let me guess, you're still using IE? ;) Looks like IE doesn't handle the refresh properly. I'll take a look into it.
-
Well it's an IE thing…..seems to work fine in firefox.