Snort mailing list archives

Re: sid in .rules
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 11 May 2013 12:29:30 -0400

oops! i hit the wrong button before i completed my post :/

On 5/11/2013 11:24, JJ Cummings wrote:
> grep 'sid:1324' /path/to/rules/*

this works for those rules without a space or tab between the ':' and the SID ;)

it will also find sid 1324xxxx...

my comment above about the space or tab is based on previous rules that were 
distributed as "sid: xxxx;" which is perfectly acceptable to snort... the 
problem was inconsistency for easy greps which is why i decided to use


that way we get the rule(s) with or without the space as well as terminating the 
entry with the semicolon so we only get those with the sought after SID ;)

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
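The difference between the two kinds of match discussed in this post, shown as an added example that is not part of the original message and is not the poster's own command. The function names, the regular expression and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample rules (not from any real ruleset); only the sid field matters.
make_sample_rules() {
    {
        printf '%s\n' 'alert tcp any any -> any 22 (msg:"constructed A"; sid:1324; rev:1;)'
        printf '%s\n' 'alert tcp any any -> any 22 (msg:"constructed B"; sid: 1324; rev:1;)'
        # \t in the format string writes a literal tab between ':' and the SID
        printf 'alert tcp any any -> any 22 (msg:"constructed C"; sid:\t1324; rev:1;)\n'
        printf '%s\n' 'alert tcp any any -> any 22 (msg:"constructed D"; sid:13240; rev:1;)'
    } > "$1"
}

# Plain substring search, as in the quoted reply: counts matching lines.
naive_count() {
    grep -c "sid:$1" "$2"
}

# Hypothetical helper: match "sid:" + optional spaces/tabs + the exact SID + ';'.
# Usage: find_sid SID FILE...
find_sid() {
    # Accept digits only, so the argument cannot change the regular expression.
    case "$1" in
        ''|*[!0-9]*) echo "SID must be numeric" >&2; return 2 ;;
    esac
    sid=$1
    shift
    # The leading group keeps a longer option name ending in "sid" from matching.
    grep -E -n "(^|[^[:alnum:]_])sid:[[:blank:]]*${sid};" "$@"
}

# Demo on the constructed file.
rules=$(mktemp)
make_sample_rules "$rules"
echo "substring matches for 1324: $(naive_count 1324 "$rules")"   # rules A and D
echo "exact matches for 1324:"
find_sid 1324 "$rules"                                            # rules A, B and C
rm -f "$rules"
```

The substring search reports rule D (sid 13240) and misses rules B and C, while the anchored pattern returns exactly the three rules whose SID is 1324.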
