projects / psad.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 361281e) | patch
Parse fwsnort rules for 'msg' fields
authorMichael Rash <mbr@cipherdyne.org>
Tue, 18 Dec 2012 04:05:56 +0000 (23:05 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Tue, 18 Dec 2012 04:05:56 +0000 (23:05 -0500)
commitbd89cfbad0cdc4540f1b983811e40803b8fa29b9
treea43c86ec84e386ea27e8bfc2a57e5a3095bbaa90tree | snapshot
parent361281e7d38c68b8e8c201ca31ea9be0bc7ec858commit | diff
Parse fwsnort rules for 'msg' fields

Added the ability to acquire Snort rule 'msg' fields from fwsnort if
it's also installed.  A new variable FWSNORT_RULES_DIR tells psad where
to look for the fwsnort rule set.  This fixes a problem reported by Pui
Edylie to the psad mailing list where fwsnort logged an attack that psad
could not map back to a descriptive 'msg' field.
CREDITS diff | blob | history
ChangeLog diff | blob | history
psad diff | blob | history
psad.conf diff | blob | history
test/conf/default_psad.conf diff | blob | history
test/conf/disable_ipv6_detection.conf diff | blob | history
test/conf/enable_ack_detection.conf diff | blob | history
test/conf/ignore_tcp.conf diff | blob | history
test/conf/ignore_udp.conf diff | blob | history
test/conf/require_DROP_syslog_prefix_str.conf diff | blob | history
test/conf/require_missing_syslog_prefix_str.conf diff | blob | history
psad: Intrusion Detection and Log Analysis with iptables