Parse::Snort::Strict - Parse Snort rules with validation of the rules
Parse Snort rules with validation regarding rule action, protocol and direction. Look at Parse::Snort for more usage detail, as this is a subclass of it.
use Parse::Snort::Strict; use Try::Tiny; my $rule = Parse::Snort::Strict->new(); try { $rule->parse($text); } catch { warn "Unable to parse rule: $_"; };
You can only have the following actions
generate an alert using the selected alert method, and then
log the packet
ignore the packet
alert and then turn on another dynamic rule
remain idle until activated by an activate rule , then act as a log rule
block and log the packet
block the packet, log it, and then send a TCP reset if the protocol is TCP or an ICMP port unreachable message if the protocol is UDP.
block the packet but do not log it.
You can only have the following protocols:
You can Only have the following directions
To install Parse::Snort, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Parse::Snort
CPAN shell
perl -MCPAN -e shell install Parse::Snort
For more information on module installation, please visit the detailed CPAN module installation guide.