[Snort-users] Help with Alerts
wkitty42 at ...14940...
Sun Sep 9 11:50:36 EDT 2012
On 9/9/2012 04:30, Pratik Narang wrote:
> Pardon my ignorance, but isn't sid-msg file supposed to contain all
> sig ids of the rule pack i downloaded??
no... if you have local or third-party rules, they are not going to be in that
file you downloaded... the sid-msg.map file needs to be created from the rules
installed in your snort...
> What is the difference between just using snort and using snort with pulled pork?
snort is snort... pulledpork is a type of rules managament package... snort
doesn't get rules... it doesn't remove rules... all it does is use rules...
someone or something else needs to retrieve, create, modify or remove unwanted
rules and that's what pulledpork does...
More information about the Snort-users