[Snort-users] One liner to generate map file from rules.

Dragos Ruiu dr at ...381...
Tue Aug 27 13:08:03 EDT 2002


If in doubt...

 cat *rules  | grep "msg:" | sed -e 's/^.*msg:\"//' | sed -e 's/\"\;.*sid:/%/' 
| sed -e 's/\;.*$/ || /' |  awk -F'%' ' { print $2 $1 }' >sid-msg.map

This will give you a map file from your rules.
It's not pretty but it is short... :-) I know I could
have used just one sed...but this works. :-)

Cheers,
--dr

-- 
dr at ...381...   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002





More information about the Snort-users mailing list