[Snort-users] Need to merge sid-msg.map and bleeding-sid-msg.map ?

sekure at ...11827... sekure at ...11827...
Fri Aug 27 22:34:01 EDT 2004


sid-msg.map is what barnyard and other post-processors use to
translate the sid from the alert in the unified log into the event
name that you see displayed.  If you are not using unified output, and
just have snort writing to alert files, you don't really need to keep
sid-msg.map updated.

On Fri, 27 Aug 2004 11:26:37 -0400 (EDT), Brandon Applegate
<brandon at ...12342...> wrote:
> I'm having trouble understanding how the .map file(s) get loaded into
> snort.  Specifically (as noted in my subject line), when using another
> rule set in addition (i.e. bleeding) do I have to merge their .map file in
> ?  How else will snort know about these lines ?  I can't find any
> reference to sid-msg.map in the various snort config files so I assume
> it's hardcoded into snort to load this ?
> 
> Thanks in advance.
> 
> --
> Brandon Applegate - CCIE 10273
> PGP Key fingerprint:
> 7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
> "SH1-0151.  This is the serial number, of our orbital gun."
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
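
Added example, not part of the original messages: a small Python script that merges two sid-msg.map files so that a post-processor such as barnyard can resolve sids from both rule sets. It assumes the post-processor is pointed at a single map file and that lines use the `sid || msg || reference ...` layout; the sids, messages and references in the sample data are constructed.

```python
"""Merge Snort sid-msg.map files (assumed line layout: sid || msg || ref || ref ...)."""
import sys


def parse_map(text):
    """Return {sid: (msg, [refs])}; blank, comment and malformed lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # not a "sid || msg" line
        entries[int(fields[0])] = (fields[1], fields[2:])
    return entries


def merge_maps(*maps):
    """First map to define a sid wins. Returns (merged, conflicts), where
    conflicts lists (sid, kept_msg, rejected_msg) for sids whose messages differ."""
    merged, conflicts = {}, []
    for current in maps:
        for sid, (msg, refs) in current.items():
            if sid not in merged:
                merged[sid] = (msg, list(refs))
            elif merged[sid][0] != msg:
                conflicts.append((sid, merged[sid][0], msg))
            else:  # same sid and message: keep the union of references
                merged[sid][1].extend(r for r in refs if r not in merged[sid][1])
    return merged, conflicts


def render(merged):
    """Serialize back to sid-msg.map text, sorted by sid."""
    rows = (" || ".join([str(sid), msg, *refs]) for sid, (msg, refs) in sorted(merged.items()))
    return "\n".join(rows) + "\n"


# Constructed sample data, not real rule entries.
STOCK = "# stock map\n1001 || EXAMPLE alert A || url,example.com/a\n1002 || EXAMPLE alert B\n"
BLEEDING = ("2000001 || EXAMPLE alert C || url,example.com/c\n"
            "1002 || EXAMPLE renamed alert B\n"
            "1001 || EXAMPLE alert A || url,example.com/a2\n")

if __name__ == "__main__":
    # Usage: script.py sid-msg.map bleeding-sid-msg.map > merged.map
    texts = [open(p).read() for p in sys.argv[1:]] or [STOCK, BLEEDING]
    merged, conflicts = merge_maps(*(parse_map(t) for t in texts))
    for sid, kept, rejected in conflicts:
        print(f"conflict sid {sid}: kept {kept!r}, ignored {rejected!r}", file=sys.stderr)
    sys.stdout.write(render(merged))
```

Conflicts are reported on stderr rather than silently overwritten, since a sid that maps to the wrong message mislabels every alert the post-processor displays for it.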





