Snort mailing list archives
Re: porn.rules
From: Joel Esler <joel.esler () sourcefire com>
Date: Fri, 9 Nov 2007 14:50:06 -0500
1) Don't use ACID. Use BASE if you wish to maintain that functionality. base.secureideas.net 2) Don't have Snort writing directly to DB. Please look into Barnyard. Joel On Nov 9, 2007, at 2:43 PM, dhottinger () harrisonburg k12 va us wrote:
--- cut --- #!/usr/bin/perl use strict; sub hex_to_ascii ($) { (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg; return $str; } my $str; while ($str=<STDIN>) { my $a_str = hex_to_ascii $str; print "\n\nASCII Output:\n"; print $a_str; } --- paste --- PaulMThanks, I use ACID for my alerts. Snort with --mysql option. Snort version 2.8.0. I'll send the payload to you then. -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools "rarely do people communicate, they just take turns talking" ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- porn.rules dhottinger (Nov 09)
- Re: porn.rules rmkml (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Melson (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Joel Esler (Nov 09)
- Re: porn.rules David J. Bianco (Nov 09)
- Re: porn.rules dhottinger (Nov 09)
- Re: porn.rules Paul Schmehl (Nov 09)
- How much will a huge list of subnets to the frag3 preprocessor slow snort? Bachelor, Stephen A CTR USSOCOM HQ (Nov 09)
- Re: How much will a huge list of subnets to the frag3preprocessor slow snort? Paul Melson (Nov 09)