[Snort-users] Updating sid-msg.map

Chan, Wilson wchan at ...14702...
Mon Nov 15 22:35:02 EST 2010


First off, what is the sid-msg.map used for? I looked in my Oinkmaster
config docs and they recommend updating the Sourcefire and Emerging
Threats rules via the create-sidmap.pl script.

Since I have Oinkmaster dumping ET and Sourcefire rules to
/etc/snort/rules, do I just run the Perl script like this?

 

===============================================

create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map

===============================================

 

I've also googled and found this as another alternative. 

 

========================================================================

Cron script to refresh sid-msg.map otherwise you will get unidentified
alerts:

#!/bin/sh

# Pull the latest Emerging Threats rules with Oinkmaster
/usr/local/bin/oinkmaster -o /usr/local/etc/snort/rules/emerging-threads \
    -C /usr/local/etc/oinkmaster.emerging.conf

# Rebuild sid-msg.map from the sample map plus the ET map
/bin/rm /usr/local/etc/snort/sid-msg.map

/bin/cat /usr/local/etc/snort/sid-msg.map-sample \
    /usr/local/etc/snort/rules/emerging-threads/emerging-sid-msg.map > \
    /usr/local/etc/snort/sid-msg.map

# Restart Snort
/usr/local/etc/rc.d/snort restart

========================================================================

 

Wilson 
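
A variant of the merge step in the cron script above, as an added example that is not part of the original post: it merges sid-msg.map files, keeps the first entry per SID, and swaps the result into place with a rename instead of deleting the live map first. The function name `merge_sidmaps` is hypothetical, and the code assumes the usual `sid || msg || reference` line format.

```shell
#!/bin/sh
# merge_sidmaps OUT IN1 [IN2 ...]   (hypothetical helper, added example)
# Assumes each map line looks like: "sid || msg || ref || ref ..."
# With the paths from the cron script above it would be called as:
#   merge_sidmaps /usr/local/etc/snort/sid-msg.map \
#       /usr/local/etc/snort/sid-msg.map-sample \
#       /usr/local/etc/snort/rules/emerging-threads/emerging-sid-msg.map
merge_sidmaps() {
    out=$1; shift
    [ $# -ge 1 ] || { echo "usage: merge_sidmaps OUT IN..." >&2; return 2; }

    # Fail before touching anything if an input map is missing.
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Temp file in the same directory as OUT so the final mv is a rename.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    # Drop comments, blank lines and lines without a numeric SID;
    # keep only the first entry seen for each SID; sort by SID.
    awk -F'[|][|]' '
        /^[ \t]*(#|$)/ { next }
        { sid = $1; gsub(/[ \t]/, "", sid) }
        sid !~ /^[0-9]+$/ { next }
        !seen[sid]++ { print }
    ' "$@" | sort -n > "$tmp"

    if [ -s "$tmp" ]; then
        chmod 644 "$tmp"        # mktemp creates 0600; readers may run as another user
        mv -f "$tmp" "$out"     # the live map is never missing or half-written
    else
        echo "no entries found; leaving $out untouched" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Because inputs are read in order, an entry in the first file wins when the same SID appears in a later one.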

 
