[Snort-users] Updating sid-msg.map
wchan at ...14702...
Mon Nov 15 22:35:02 EST 2010
First off, what is the sid-msg.map used for? I looked in my oinkmaster
config docs and they recommend updating the Sourcefire and Emerging
Threats rules via the create-sidmap.pl script.
Since I have oinkmaster dumping ET and Sourcefire rules to
/etc/snort/rules, do I just run the Perl script like this?
create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map
I've also googled and found this as another alternative.
Cron script to refresh sid-msg.map otherwise you will get unidentified
/usr/local/bin/oinkmaster -o /usr/local/etc/snort/rules/emerging-threads
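A check that can be run after regenerating the map with the command in the post, added here as an example and not part of the original message or of oinkmaster: it lists the SIDs of enabled rules that have no line in sid-msg.map. The script name, the function names and the sample rules are hypothetical; it assumes one rule per line and map lines of the form `sid || msg || ref`.

```shell
#!/bin/sh
# Added example (not from the original post): list SIDs of enabled rules that
# have no entry in sid-msg.map. Assumes one rule per line and map lines of the
# form "sid || msg || ref ...".

# SIDs of enabled (uncommented) rules in the *.rules files under directory $1.
rule_sids() {
    cat "$1"/*.rules 2>/dev/null |
        grep -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' |
        grep -oE 'sid:[[:space:]]*[0-9]+' |
        grep -oE '[0-9]+' | LC_ALL=C sort -u
}

# SIDs that have an entry in map file $1.
map_sids() {
    sed -n 's/^\([0-9][0-9]*\) || .*/\1/p' "$1" | LC_ALL=C sort -u
}

# SIDs present in the rules ($1) but missing from the map ($2).
missing_sids() {
    r=$(mktemp) && m=$(mktemp) || return 1
    rule_sids "$1" > "$r"
    map_sids "$2" > "$m"
    LC_ALL=C comm -23 "$r" "$m"
    rm -f "$r" "$m"
}

# Constructed sample: two enabled rules, one disabled rule, and a map that
# lacks the second enabled rule.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"Constructed rule A"; sid:2000001; rev:1;)
alert tcp any any -> any 25 (msg:"Constructed rule B"; sid: 2000002; rev:3;)
#alert udp any any -> any 53 (msg:"Disabled rule"; sid:2000003; rev:1;)
EOF
    printf '%s\n' '2000001 || Constructed rule A' > "$d/sid-msg.map"
    missing_sids "$d" "$d/sid-msg.map"
    rm -rf "$d"
}

# Usage: sh check-sidmap.sh /etc/snort/rules /etc/snort/sid-msg.map
if [ "$#" -eq 2 ]; then missing_sids "$1" "$2"; else demo; fi
```

An empty result means every enabled rule has a map entry; rules split across lines with backslash continuations are not handled.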