[Snort-users] snort / barnyard2 2-1.8 (unified2) problem

Lawrence R. Hughes, Sr. lhughes at ...14822...
Fri Aug 27 10:51:21 EDT 2010


Barnyard2 is reading the correct sid-msg.map file!
Those signature names are missing right from your new rules update..

We don't use oinkmaster, we take your rules and sid-msg.map file right from the downloads at snort.org.


  ----- Original Message ----- 
  From: Joel Esler 
  To: Lawrence R. Hughes, Sr. 
  Cc: <snort-users at lists.sourceforge.net> 
  Sent: Friday, August 27, 2010 10:40 AM
  Subject: Re: [Snort-users] snort / barnyard2 2-1.8 (unified2) problem

  On Aug 27, 2010, at 9:54 AM, "Lawrence R. Hughes, Sr." <lhughes at ...14852.....> wrote:

    We think Barnyard2 is not at fault, and  the snort sid-msg.map and rules are the problem.

  Barnyard2 isn't reading the correct sid-msg.map file. 

  You need to use either pulledpork or the create-sidmsg.pl file that comes with oinkmaster to make this file. 
  I suggest the former.  

    Are we thinking in the correct direction?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100827/2aaf3710/attachment.html>

More information about the Snort-users mailing list