[Snort-users] Updating sid-msg.map

Joel Esler jesler at ...1935...
Tue Nov 16 20:46:23 EST 2010


Pulledpork does these functions by default. 



On Nov 16, 2010, at 8:21 PM, waldo kitty <wkitty42 at ...14940...> wrote:

> On 11/15/2010 22:35, Chan, Wilson wrote:
>> First off what is the sid-msg.map used for? I looked in my oinkmaster config
>> docs and they recommend to update the sourcefire and emerging threats rule via
>> the create-sidmap.pl script.
> 
> FWIW: in my environment, our Snort logs do not display the GID:SID so there was 
> only the MSG text to go by... When I developed one of the mods for my 
> environment, I added a search capability to locate the MSG text in the 
> sid-msg.map file which then showed us the GID:SID which is needed for other 
> functions...
> 
> [aside] I'm trying to figure out a way to generate the sid-msg.map file from 
> multiple rules directories so that the GID 3 rules are included in the 
> sid-msg.map but time has been very short with a new paying gig that I've 
> found... 12 hour days of driving do not leave much for network security related 
> work :? :(
> 

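The two tasks discussed in this thread (merging rules from several directories into one map that keeps the GID, and looking up a GID:SID from logged MSG text), as an added Python example that is not code from either poster, oinkmaster or PulledPork. The function names are hypothetical, the sample rules are constructed, and the `sid || msg || reference` output layout is assumed to be the classic sid-msg.map line format.

```python
# Added example; helper names are hypothetical, sample rules are constructed.
import re

MSG_RE = re.compile(r'msg\s*:\s*"((?:\\.|[^"\\])*)"')
REF_RE = re.compile(r'[(;]\s*reference\s*:\s*([^;]+)(?=;)')

def _num(name, line):
    m = re.search(r'[(;]\s*%s\s*:\s*(\d+)\s*;' % name, line)
    return int(m.group(1)) if m else None

def parse_rule(line):
    """Return (gid, sid, msg, refs) for an active rule line, else None."""
    line = line.strip()
    msg, sid = MSG_RE.search(line), _num("sid", line)
    if line.startswith("#") or not msg or sid is None:
        return None                          # disabled, blank or not a rule
    refs = [r.strip() for r in REF_RE.findall(line)]
    return (_num("gid", line) or 1, sid, msg.group(1), refs)  # no gid option: GID 1

def build_map(rule_texts):
    """Merge the text of many rule files into {(gid, sid): (msg, refs)}."""
    entries = {}
    for text in rule_texts:
        for parsed in filter(None, map(parse_rule, text.splitlines())):
            gid, sid, msg, refs = parsed
            entries.setdefault((gid, sid), (msg, refs))   # first definition wins
    return entries

def map_lines(entries):
    """Render 'sid || msg || ref ...' lines (assumed classic sid-msg.map layout)."""
    return [" || ".join([str(sid), msg, *refs])
            for (_, sid), (msg, refs) in sorted(entries.items())]

def find_by_msg(entries, text):
    """Return 'GID:SID' for every entry whose msg contains text (case-insensitive)."""
    return [f"{g}:{s}" for (g, s), (m, _) in sorted(entries.items())
            if text.lower() in m.lower()]

# Constructed sample: text of two rule files, as if read from rules/ and so_rules/.
SAMPLE = [
    'alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/x"; '
    'reference:url,example.com/a; reference:url,example.com/b; sid:1000001; rev:1;)\n'
    '# alert tcp any any -> any 25 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)\n',
    'alert tcp any any -> any 445 (msg:"EXAMPLE shared object rule"; gid:3; '
    'sid:1000003; rev:2;)\n',
]

if __name__ == "__main__":
    entries = build_map(SAMPLE)
    print(find_by_msg(entries, "shared object"))   # GID:SID for a logged MSG text
```

To run it over real rule directories, pass `build_map` the text of each `*.rules` file, for example from `pathlib.Path(d).glob("*.rules")` for each directory `d`.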