[Snort-users] Updating sid-msg.map

waldo kitty wkitty42 at ...14940...
Tue Nov 16 20:21:45 EST 2010


On 11/15/2010 22:35, Chan, Wilson wrote:
> First off what is the sid-msg.map used for? I looked in my oinkmaster config
> docs and they recommend to update the sourcefire and emerging threats rule via
> the create-sidmap.pl script.

FWIW: in my environment, our snort logs do not display the GID:SID so there was 
only the MSG text to go by... when i developed one of the mods for my 
environment, i added a search capability to locate the MSG text in the 
sid-msg.map file which then showed us the GID:SID which is needed for other 
functions...

[aside] i'm trying to figure out a way to generate the sid-msg.map file from 
multiple rules directories so that the GID 3 rules are included in the 
sid-msg.map but time has been very short with a new paying gig that i've 
found... 12 hour days of driving do not leave much for network security related 
work :? :(
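The MSG-text lookup described in this message, extended to the multi-directory case from the aside, as an added example that is not part of the original post and not oinkmaster or create-sidmap.pl code. The directory names `rules` and `so_rules`, all function names, and the sample rules are assumptions constructed for illustration; it assumes one rule per line and applies Snort's default of GID 1 when a rule carries no `gid` option.

```python
import re
import tempfile
from pathlib import Path

MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid\s*:\s*(\d+)\s*;')
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")

# Constructed sample rules (not taken from any real rule set).
TEXT_RULES = (
    'alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; sid:1000001; rev:1;)\n'
    '# alert tcp any any -> any 21 (msg:"EXAMPLE disabled check"; sid:1000002; rev:1;)\n'
)
SO_RULES = 'alert tcp any any -> any 25 (msg:"EXAMPLE smtp probe"; sid:1000002; gid:3; rev:1;)\n'

def parse_rules(text):
    """Yield (gid, sid, msg) per rule line; commented-out rules are included."""
    for line in text.splitlines():
        line = line.strip().lstrip("#").strip()
        msg = MSG_RE.search(line)
        if not (line.startswith(ACTIONS) and msg):
            continue
        rest = line.replace(msg.group(0), "")  # ignore sid:/gid: text inside the MSG
        sid, gid = SID_RE.search(rest), GID_RE.search(rest)
        if sid:
            yield (int(gid.group(1)) if gid else 1, int(sid.group(1)), msg.group(1))

def build_map(rule_dirs):
    """Merge every *.rules file in several directories into {(gid, sid): msg}."""
    entries = {}
    for d in rule_dirs:
        for path in sorted(Path(d).glob("*.rules")):
            for gid, sid, msg in parse_rules(path.read_text(errors="replace")):
                entries.setdefault((gid, sid), msg)  # first definition wins
    return entries

def find_by_msg(entries, text):
    """Return 'GID:SID' strings whose MSG contains text, case-insensitively."""
    needle = text.lower()
    return [f"{g}:{s}" for (g, s), m in sorted(entries.items()) if needle in m.lower()]

def demo():
    """Write the samples into two temporary rule directories and index both."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in (("rules", TEXT_RULES), ("so_rules", SO_RULES)):
            Path(tmp, name).mkdir()
            Path(tmp, name, "sample.rules").write_text(text)
        return build_map([Path(tmp, "rules"), Path(tmp, "so_rules")])

if __name__ == "__main__":
    print(find_by_msg(demo(), "probe"))
```

Keying on the (GID, SID) pair keeps the two constructed rules that share SID 1000002 apart, which a SID-only index would not.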



