[Snort-sigs] gen_id in suppress and threshold rules
nk99 at ...2507...
Thu May 27 23:52:05 EDT 2004
Russell Fulton wrote:
> The good book tells me I need both sig_id (no problems) and gen_id.
> I've looked high and low for a definition of gen_id (I found it stands
> for generator_id but that does not really help). All examples I have
> found have gen_id as 1 and using this seems to work fine.
Take a look at 'generators' and 'gen-msg.map' files (they should be
along with all '*.rules' files). This should give you some info on
what gen_id is.
NK @ Vilnius
Yesterday upon the stair I met a man who wasn't there. He wasn't there
again today -- I think he's from the CIA.
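As an added example that is not part of the original message: a small Python sketch that reads a gen-msg.map and reports what the gen_id/sig_id pair in each suppress or threshold line refers to. It assumes the map uses a `gen_id || alert_id || message` layout and that gen_id 1 is the text-rules engine, whose sig_ids are the sids in the *.rules files; the function names and all sample lines are constructed for illustration.

```python
import re

# Constructed samples: map entries in the assumed "gen_id || alert_id || message"
# layout, followed by suppress/threshold lines that reference them.
SAMPLE_MAP = """\
# constructed entries, not copied from a real gen-msg.map
1 || 1 || snort general alert
105 || 1 || spp_bo: Back Orifice Traffic detected
"""
SAMPLE_FILTERS = """\
suppress gen_id 1, sig_id 1852, track by_src, ip 10.1.1.54
threshold gen_id 105, sig_id 1, type limit, track by_src, count 1, seconds 60
suppress gen_id 199, sig_id 1
"""

def parse_gen_msg_map(text):
    """Return {(gen_id, alert_id): message}; raise ValueError on malformed lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||", 2)]
        if len(parts) != 3 or not (parts[0].isdigit() and parts[1].isdigit()):
            raise ValueError(f"line {lineno}: expected 'gen || alert || msg'")
        table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table

def parse_filter(line):
    """Extract (kind, gen_id, sig_id) from one suppress/threshold line."""
    m = re.match(r"\s*(suppress|threshold)\s+(.*)", line)
    if not m:
        raise ValueError(f"not a suppress/threshold line: {line!r}")
    opts = dict(o.split(None, 1) for o in (x.strip() for x in m.group(2).split(",")) if o)
    return m.group(1), int(opts["gen_id"]), int(opts["sig_id"])

def resolve(filters_text, table):
    """Say what each filter's gen_id/sig_id pair refers to."""
    known_gens = {g for g, _ in table}
    out = []
    for line in filter(str.strip, filters_text.splitlines()):
        kind, gen, sig = parse_filter(line)
        if (gen, sig) in table:
            what = table[(gen, sig)]
        elif gen == 1:
            what = "text rule: look up sid in the *.rules files"
        else:
            what = "alert id not in map" if gen in known_gens else "unknown generator"
        out.append((kind, gen, sig, what))
    return out
```

A filter that resolves to "unknown generator" or "alert id not in map" is worth a second look, since a mistyped gen_id means the suppress or threshold line will not match the alert it was written for.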