[Snort-users] gen-msg file

ll ibeginhere at ...11827...
Mon Jul 26 02:42:56 EDT 2010


yes, I read that from the user  manual .I wrote a rule like that 
"gid:200;sid:1000001;rev:1;classtype:web-application-attack;)"
and I modified the gen-msg.map file
# Format: generatorid || alertid || MSG
200 || 1 || test
and the sid-msg.map file
1000001 || browse directory || 
url,doc.emergingthreats.net/bin/view/Main/TorRules
but, the signature indicate in the BASE like that
Snort Alert [200:1000001:0]

I want to some message can indicate in the BASE,but not just the number .

? 2010-7-23 19:55, Joel Esler ??:
> Generatorid is the number of the individual generator (preprocessor, rule), alert id is the number of the individual alert, within that generator.
>
> The MSG describes the first two.
>
> J
>
> On Jul 23, 2010, at 6:02 AM, ll wrote:
>
>   
>> hi,all
>> in the file gen-msg.map
>> # Format: generatorid || alertid || MSG
>>
>> what is that alertid means ? there are not mentioned in the users manual ?
>>     
>
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100726/c1021128/attachment.html>


More information about the Snort-users mailing list