Parse fwsnort rules for 'msg' fields
author Michael Rash <mbr@cipherdyne.org>
Tue, 18 Dec 2012 04:05:56 +0000 (23:05 -0500)
committer Michael Rash <mbr@cipherdyne.org>
Tue, 18 Dec 2012 04:05:56 +0000 (23:05 -0500)
commit bd89cfbad0cdc4540f1b983811e40803b8fa29b9
tree a43c86ec84e386ea27e8bfc2a57e5a3095bbaa90
parent 361281e7d38c68b8e8c201ca31ea9be0bc7ec858
Parse fwsnort rules for 'msg' fields

Added the ability to acquire Snort rule 'msg' fields from fwsnort if
it's also installed.  A new variable FWSNORT_RULES_DIR tells psad where
to look for the fwsnort rule set.  This fixes a problem reported by Pui
Edylie to the psad mailing list where fwsnort logged an attack that psad
could not map back to a descriptive 'msg' field.
CREDITS
ChangeLog
psad
psad.conf
test/conf/default_psad.conf
test/conf/disable_ipv6_detection.conf
test/conf/enable_ack_detection.conf
test/conf/ignore_tcp.conf
test/conf/ignore_udp.conf
test/conf/require_DROP_syslog_prefix_str.conf
test/conf/require_missing_syslog_prefix_str.conf