Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How do I decrypt the <suppresspassthru>tag in <snortglobal><supress>section</supress></snortglobal></suppresspassthru>

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    2
    594
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      breusshe
      last edited by

      Hey, folks;

      I am having to rebuild my config from scratch after upgrading to v2.2.1.  I'm not sure what went wrong, but the config would not load correctly.  At any rate, I'm using the backed up config.xml file as a reference.  In my Snort configuration, I had two suppress lists configured.  When I see them in the config.xml (the <suppresspassthru>tag), they seem to be encrypted.  How do I turn that back into plain text so I can rebuild the lists I had?

      Thank you</suppresspassthru>

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        They are simply Base64 encoded.  You can use one of several online tools to convert the string from encoded Base64 to plaintext. Here is one site I found using a quick Google search:  http://www.motobit.com/util/base64-decoder-encoder.asp.

        The string is Base64 encoded to avoid issues with any XML reserved characters.  You can copy it literally as-is from one config.xml to the other, or if you want to decode it and paste the plaintext into a new Snort GUI window, then use an online Base64 tool like the one I referenced.

        Bill

        1 Reply Last reply Reply Quote 0
        • First post
          Last post