Someone did an offline link from txt files (snort rules comes with txt files as a description). It works fine, but not with signatures come from preprocessors (where sig_gid is not 1)
in includes/base_signature.inc.php at line 278 there is a limit for sig_sid:
278 /* xxx jl: provided, that there is a subdirectory "signatures/" in $BASE_urlpath */
279 if ( ( is_numeric($sig_id) ) && ($sig_sid >= 103) ) {
280 $ref = $ref.GetSingleSignatureReference("local", $sig_sid, $style);
I added this to see sigs comes from preprocessors:
283 /* and if sid < 103? */
284 if ( ( is_numeric($sig_id) ) && ($sig_sid < 103) ) {
285 $ref = $ref.GetSingleSignatureReference("local", $sig_gid .'-'. $sig_sid, $style);
Seems to be working for me. The emerging rules has no txt files (as description), for that rules local link should not be created.
Cheers,
Akos
Hello Akos,
I have rewritten that paragraph in the code. The preprocessor alerts as well as the alerts of any Community rules should now be displayed. But the usual "[local]" link does NOT appear in the signature name field, when the corresponding file can not be found. And the id range for bleeding edge/emerging threats has been excluded.
Maybe you want to have a look at the new BASE version and check whether it works as expected. For this you will have to download the CVS version of BASE as explained at
https://sourceforge.net/scm/?type=cvs&group_id=103348
BASE can then be found under base-php4.
Bye, bye
Juergen
Many thanks for your report.