Marty actually recently discussed the ability to generate the
sid-msg.map upon Snort startup. Maybe we'll see that soon!!
On 5/23/05, Wes Young <wcyoung@buffalo.edu> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
try this out.. if you run it before you restart snort (or barnyard)
it will create a sid-msg.map file from your rules database. I'm not that
great of a perl scripter... but it gets the job done.. i call it before
i send barnyard a kill -HUP and it re-reads the file...
John Hally wrote:
Hello All,
I've set up the latest version of snortcenter2 with the rule_combine
script working great fetching snort and bleeding snort rules. I did
some poking around and it doesn't look like the script handles merging
the sid-msg.maps from the two different rulesets. What sid-msg.map is
used, the one on the BASE install, snortcenter2 install, or on the
sensor(s)?
Thanks in advance!
- --
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCkj6c1M5o0FsrrbERApfWAJ4sfKNLW8Qd5i79xIB/jRhENdT1YQCgnBBg
WxNp8K5ap7Ed3b8x4Gs8hF4=
=L/hs
-----END PGP SIGNATURE-----
#!/usr/bin/perl
use strict;
use DBI;
#########################################
# Configurations #
#########################################
# Database configs
my $sc_server = '';
my $sc_db = '';
my $sc_user = '';
my $sc_pass = '';
my $SIDFILE = "./etc/sid-msg.map";
#/Configs
open(SIDS, "> $SIDFILE") or die "Can not open sid file!\n";
my $sc_dbh = DBI->connect("DBI:mysql:$sc_db;$sc_server", $sc_user, $sc_pass)
or die "Couldn't connect to database: " . DBI->errstr;
my $sc_SELECT = "SELECT sid,msg FROM rules";
my $sc_sth;
$sc_sth = $sc_dbh->prepare($sc_SELECT) or die "Couldnt prepare statment: " .
$sc_sth->errstr;
$sc_sth->execute or die "Could not execute SQL statement: " . $sc_sth->errstr;
if ($sc_sth->rows == 0) {
#bail, shouldnt ever be seen... but just in case...
$sc_sth->finish;
$sc_dbh->disconnect || die "Failed to disconnect from the Database: "
. DBI->errstr;
die "No Sigs in Database";
}
my @rules;
while (@rules = $sc_sth->fetchrow_array) {
#clean out the quotes and trip the whitespaces the db gives back
$rules[1] =~ s/"//g;
$rules[1] =~ s/^\s+//;
$rules[1] =~ s/\s+$//;
print SIDS ("$rules[0] || $rules[1]\n");
}
close (SIDS);
$sc_sth->finish;
$sc_dbh->disconnect || die "Failed to disconnect the Database: " .
DBI->errstr;
--
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas
-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_idt12&alloc_id�344&opÌk
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
