[Snort-users] your mail - gen id location

Nigel Houghton nigel at ...1935...
Wed Oct 18 16:30:12 EDT 2006


On  0, Todd Wease <twease at ...1935...> wrote:
> On Wed, 2006-10-18 at 12:38 -0500, gary douglas wrote:
> > 
> > I wish there was a central location to get the gen_id of the all the
> > different processes. So far I have found the following.
> > 
> > 
> > portscan = 122
> > http_inspect = 119
> > spp_frag3 = 123
> 
> Look in the generators file in your etc directory.

Look in the gen-msg.map for a mapping of generators to their sids.

You could always do something like:

 awk '{ print $1,$5}' gen-msg.map | uniq

Just to get a quick look at gids and short names :D

+--------------------------------------------------------------------+
     Nigel Houghton      Research Engineer       Sourcefire Inc.
                   Vulnerability Research Team

         There is no theory of evolution, just a list
            of creatures Vin Diesel allows to live.




More information about the Snort-users mailing list