Author Topic: Better search for snort rules  (Read 19242 times)
Ricard
« on: Saturday 29 March 2014, 04:21:18 am »

The search engine for the snort rules is quite useless and hard to use.  It would be great if we could search for a rule according to log alerts.

For example, we see this alert in the log window:

snort[15224]: [1:2003195:5] ET POLICY Unusual number of DNS....

and the related rule is this:

2003195    ET POLICY Unusual number of DNS No Such Name Responses

However, a search using the GUI is unable to find "2003195" or any other related text of that alert.  The search field is only able to find the name of the snort rule category ("POLICY").
In some cases it forces a search across many pages of the category. This is very slow.
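The lookup requested above can be done outside the GUI by reading the `[gid:sid:rev]` triple from the alert and matching the `sid` against the rule files. The following is an added example, not part of the original post and not Endian's code; the rule bodies are constructed stand-ins, and only single-line rules are handled.

```python
import re

# Snort alert lines carry "[generator_id:signature_id:revision]".
ALERT_ID = re.compile(r"\[(\d+):(\d+):(\d+)\]")
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_MSG = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')

# Constructed sample rules: simplified stand-ins, not the real rule bodies.
SAMPLE_RULES = '''
alert udp any 53 -> $HOME_NET any (msg:"ET POLICY Unusual number of DNS No Such Name Responses"; sid:2003195; rev:5;)
#alert tcp any any -> $HOME_NET 23 (msg:"EXAMPLE constructed disabled rule"; sid:9000001; rev:1;)
'''

# Alert text as quoted in the post (truncated there with "....").
SAMPLE_ALERT = "snort[15224]: [1:2003195:5] ET POLICY Unusual number of DNS...."


def parse_alert(line):
    """Return (gid, sid, rev) from an alert line, or None if absent."""
    m = ALERT_ID.search(line)
    return tuple(int(x) for x in m.groups()) if m else None


def index_rules(text):
    """Map sid -> rule info for single-line rules, including commented-out ones."""
    index = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        body = line.lstrip("# ")
        sid, msg = RULE_SID.search(body), RULE_MSG.search(body)
        if sid and msg:  # skips blank lines and plain comments
            index[int(sid.group(1))] = {
                "msg": msg.group(1),
                "enabled": not line.startswith("#"),
                "line": lineno,
            }
    return index


def find_rule(alert_line, index):
    """Look up the rule behind an alert; gid 1 is Snort's text-rule engine."""
    ids = parse_alert(alert_line)
    if ids is None or ids[0] != 1:
        return None  # not an alert, or raised by a preprocessor/decoder
    return index.get(ids[1])


if __name__ == "__main__":
    print(find_rule(SAMPLE_ALERT, index_rules(SAMPLE_RULES)))
```

The process id in `snort[15224]` is not mistaken for a rule id because the pattern requires all three colon-separated numbers.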











