[Snort-users] Barnyard, sid-msg.map, gen-msg.map

Andrew R. Baker andrewb at ...950...
Wed Jan 29 13:42:04 EST 2003


Andy Dales wrote:
> Greetings, I'm wondering if anyone is willing to explain the sid-msg.map
> and the gen-msg.map files required for use by barnyard.  In another posting
> I see someone made an awk/sed script to parse the rule files and output a
> file of the format sid || msg for the sid-msg.map but I don't see anyone
> talking about the gen-msg.map.  Can someone confirm the (sid || msg) format
> for the sid file and explain what the gen-msg.map file is/does.  These seem
> to be vital to barnyard's running but aren't really mentioned much
> anywhere.

sid-msg.map is used to translate the id found in a Snort Rule to a 
textual string.  The gen-msg.map is similar, but translates the ids for 
all of the alert generators in Snort other than the detection engine (i.e., 
preprocessors and packet decoder).  These files are needed by Barnyard 
since the unified files do not include the textual alert message.

-A
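
The lookup described in the reply, as an added example that is not part of the original post or of Barnyard's code: it builds `sid || msg` entries (the layout named in the question) from rule text and resolves an alert's generator id and alert id to a message. The sample rules, the `generator id || alert id || message` layout for gen-msg.map, generator id 1 for the detection engine, and all function names are assumptions.

```python
import re

# Constructed sample rules (not from the original post).
SAMPLE_RULES = r'''
alert tcp any any -> any 80 (msg:"LOCAL example web probe"; content:"/probe"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"LOCAL example with escaped \; semicolon"; sid:1000002;)
# alert tcp any any -> any 23 (msg:"LOCAL disabled rule"; sid:1000003;)
alert udp any any -> any 53 (content:"x"; sid:1000004;)
'''
# Constructed gen-msg.map sample; assumed layout: generator id || alert id || message.
SAMPLE_GEN_MAP = "# comment\n200 || 1 || example_preprocessor: constructed alert\n"

RULES_ENGINE_GID = 1  # assumption: generator id 1 is the rule-based detection engine
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def build_sid_map(rules_text):
    """Return {sid: msg} for each active rule that has both a msg and a sid."""
    sid_map = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if msg and sid:
            sid_map[int(sid.group(1))] = msg.group(1).replace("\\;", ";")
    return sid_map

def format_sid_map(sid_map):
    """Render the map in the 'sid || msg' layout, one entry per line."""
    return "\n".join(f"{sid} || {msg}" for sid, msg in sorted(sid_map.items()))

def parse_gen_map(text):
    """Return {(gen_id, alert_id): msg} from gen-msg.map style text."""
    gen_map = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||", 2)]
        if line.lstrip().startswith("#") or len(fields) != 3:
            continue  # comment or malformed entry
        gen_map[(int(fields[0]), int(fields[1]))] = fields[2]
    return gen_map

def resolve(gen_id, alert_id, sid_map, gen_map):
    """Find the alert text that the logged ids alone do not carry."""
    if gen_id == RULES_ENGINE_GID:
        msg = sid_map.get(alert_id)
    else:
        msg = gen_map.get((gen_id, alert_id))
    return msg if msg is not None else f"({gen_id}:{alert_id}) no map entry"
```

A rule without a `msg` option, or one added after the map was generated, resolves to the "no map entry" placeholder, which is the symptom of a stale map.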




