[Snort-users] Map Bleeding snort signature name in ACID/BASE

Joel Esler joel.esler at ...1935...
Thu Sep 8 17:07:03 EDT 2005


Sounds like you're using barnyard.  Best advice would be to perform  
an operation like

cat bleeding-sid-msg-map.txt >> sid-msg.map

so that bleeding SIDs are in your sid-msg.map.  Problem with this
is, once you change/update your Snort.org rules or your bleeding
rules, your sid-msg.map will need to be fixed.  I suggest you look
into one of the open source Perl scripts that are out there to
generate your sid-msg.map for you.  (I believe there is one on
Snort.org, IIRC)

Joel Esler
SOURCEfire


On Sep 8, 2005, at 5:11 PM, Wayne Ho wrote:

> Does anyone know how to publish bleedingsnort signature
> names on ACID/BASE instead of just "Unknown event
> 1:2001583"?
> I downloaded the bleeding-sid-msg-map.txt, but I don't
> know how to make snort use that file and its own
> sid-msg.map
>
> Please advise.
>
> Thanks.
>
> Wayne
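Added example (not from the original thread and not a Snort or barnyard tool): a shell function that regenerates the combined map from the separate source files, so it can be re-run after every rule update without piling up duplicate SIDs the way a repeated `cat >>` would. The `SID || message || reference` line layout, the file name stock-sid-msg.map and the sample messages are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread: rebuild a combined map from
# the separate source maps instead of appending to sid-msg.map in place.
# Assumed line format: "SID || message || reference || ..."

# merge_sid_maps FILE...: print one entry per SID, sorted numerically.
# If a SID appears more than once, the last entry read wins.
merge_sid_maps() {
    awk -F ' *[|][|] *' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            sid = $1
            gsub(/^[ \t]+|[ \t]+$/, "", sid)
            if (sid ~ /^[0-9]+$/) entry[sid] = $0   # ignore malformed lines
        }
        END { for (sid in entry) print entry[sid] }
    ' "$@" | sort -n
}

# rebuild_sid_map OUT FILE...: refuse to run if any input is unreadable (a
# failed rule download must not silently drop entries), write to a temp
# file, then rename into place so a reader never sees a half-written map.
rebuild_sid_map() {
    out=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    tmp="$out.tmp.$$"
    merge_sid_maps "$@" > "$tmp" && mv "$tmp" "$out"
}

# Demo on constructed sample data (messages are made up; file names other
# than bleeding-sid-msg-map.txt and sid-msg.map are assumptions).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed stock map' \
        '100 || CONSTRUCTED stock rule || url,example.invalid' \
        > "$d/stock-sid-msg.map"
    printf '%s\n' \
        '2001583 || CONSTRUCTED bleeding rule || url,example.invalid' \
        '2001583 || CONSTRUCTED bleeding rule, updated text' \
        > "$d/bleeding-sid-msg-map.txt"
    rebuild_sid_map "$d/sid-msg.map" \
        "$d/stock-sid-msg.map" "$d/bleeding-sid-msg-map.txt"
    cat "$d/sid-msg.map"
    rm -rf "$d"
}
demo
```

Keeping the stock map under its own name and always rebuilding from the untouched source files means the merged output is the same however many times the function runs.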