[Logcheck-devel] Snort rules
Andrew Goodbody
andrew.goodbody at cambrionix.com
Tue Aug 6 12:22:20 UTC 2013
I have snort and logcheck installed on a Debian 7 VM and was getting a lot of snort log entries in the logcheck emails. It turns out that there were some unescaped pipe characters in the snort rules file (been there since 2007) that would have just resulted in a global match for any log entry from snort were it not for the fact that there was also a pid included in the snort log entries. The output from snort also seems to bear little relation to what was apparently produced back in 2007.
So here is an updated rules file. It works with my version of snort, 2.9.3.1 which is from experimental, with latest registered user rules. This is because oinkmaster seems unable to download rules for 2.9.2.2.
Enjoy.
Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort
Type: application/octet-stream
Size: 16200 bytes
Desc: snort
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20130806/d6bb1f75/attachment.obj>
More information about the Logcheck-devel
mailing list