[Snort-users] Updating sid-msg.map
nhoughton at ...1935...
Tue Nov 16 09:03:29 EST 2010
On Mon, 15 Nov 2010 17:35:02 -1000, Chan, Wilson wrote:
> First off what is the sid-msg.map used for? I looked in my oinkmaster
> config docs and they recommend to update the sourcefire and emerging
> threats rule via the create-sidmap.pl script.
> Since I have oinkmaster dumping ET and sourcefire rules to
> /etc/snort/rules do I just run the perl script like this?
> create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map
> I’ve also googled and found this as another alternative.
> Cron script to refresh sid-msg.map otherwise you will get
> unidentified alerts:
> /usr/local/bin/oinkmaster -o
> /usr/local/etc/snort/rules/emerging-threads -C
> /bin/rm /usr/local/etc/snort/sid-msg.map
> /bin/cat /usr/local/etc/snort/sid-msg.map-sample
> /usr/local/etc/snort/rules/emerging-threads/emerging-sid-msg.map >
> /usr/local/etc/rc.d/snort restart
I do not suggest you use that cron script.
I do suggest using PulledPork and have that handle everything.
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
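
Added example, not part of the original thread or of any tool named in it: a check for the "unidentified alerts" condition mentioned above, listing rule SIDs that are missing from sid-msg.map or whose message text differs. It assumes the usual map line layout `sid || msg || reference ...`; the sample rules, sample map and function names are constructed for illustration.

```python
import re

# Constructed sample rules (not real ET or VRT rules).
SAMPLE_RULES = '''
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; reference:url,example.com/a; sid:1000001; rev:2;)
# alert tcp any any -> any 25 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE dns query"; sid:1000003; rev:1;)
'''
# Constructed stale map: sid 1000003 is absent, sid 1000002 has an old message.
SAMPLE_MAP = '''
1000001 || EXAMPLE web probe || url,example.com/a
1000002 || EXAMPLE old message
'''

RULE_RE = re.compile(r'^\s*#?\s*(alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
MSG_RE = re.compile(r'msg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

def parse_rules(text):
    """Return {sid: (msg, [refs])} for each rule line, enabled or commented out."""
    rules = {}
    for line in text.splitlines():
        if not RULE_RE.match(line):
            continue
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        if sid and msg:
            refs = [r.strip() for r in REF_RE.findall(line)]
            rules[int(sid.group(1))] = (msg.group(1), refs)
    return rules

def parse_map(text):
    """Return {sid: msg} from map lines; comments and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split('||')]
        if len(fields) >= 2 and fields[0].isdigit():
            entries[int(fields[0])] = fields[1]
    return entries

def audit(rules_text, map_text):
    """Return (missing_sids, stale_sids) for the map relative to the rules."""
    rules, entries = parse_rules(rules_text), parse_map(map_text)
    missing = sorted(set(rules) - set(entries))
    stale = sorted(s for s in rules if s in entries and entries[s] != rules[s][0])
    return missing, stale

def render_map(rules_text):
    """Render map text for the rules, one 'sid || msg || refs' line per rule."""
    return ''.join(' || '.join([str(s), m] + r) + '\n' for s, (m, r) in sorted(parse_rules(rules_text).items()))
```

Running `audit()` over the real rule files and map after each rule update shows whether the map needs regenerating before Snort is restarted.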