[Snort-users] Help with Alerts

waldo kitty wkitty42 at ...14940...
Sun Sep 9 11:50:36 EDT 2012


On 9/9/2012 04:30, Pratik Narang wrote:
> Pardon my ignorance, but isn't sid-msg file supposed to contain all
> sig ids of the rule pack I downloaded??

no... if you have local or third-party rules, they are not going to be in that 
file you downloaded... the sid-msg.map file needs to be created from the rules 
installed in your snort...

> What is the difference between just using snort and using snort with pulled pork?

snort is snort... pulledpork is a type of rules management package... snort 
doesn't get rules... it doesn't remove rules... all it does is use rules... 
someone or something else needs to retrieve, create, modify or remove unwanted 
rules and that's what pulledpork does...
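
Added example, not part of the original post and not code from Snort or PulledPork: a minimal sketch of building sid-msg.map entries (`sid || msg || reference ...`) from the rules actually installed, so that local and third-party SIDs resolve to messages. The sample rules, the function name `build_sid_msg_map`, and the choice to skip commented-out rules are assumptions made for illustration.

```python
import re

# Constructed sample rules (not from the original post): a downloaded-style
# rule, a local rule, and a commented-out (disabled) local rule.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB example probe"; \
    content:"sid:9999\;"; reference:url,example.com/a; \
    reference:url,example.com/b; sid:1234; rev:2;)
alert icmp any any -> $HOME_NET any (msg:"LOCAL icmp test"; itype:8; sid:1000001; rev:1;)
# alert tcp any any -> any 23 (msg:"LOCAL disabled telnet"; sid:1000002; rev:1;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
MSG = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')


def build_sid_msg_map(rules_text):
    """Return sid-msg.map lines ("sid || msg || ref ...") for active rules."""
    entries = {}
    # Join rules that continue onto the next line with a trailing backslash.
    joined = re.sub(r'\\\r?\n\s*', ' ', rules_text)
    for line in joined.splitlines():
        line = line.strip()
        # Assumption: commented-out rules are not loaded, so they are skipped.
        if not line or line.startswith('#') or '(' not in line:
            continue
        options = line[line.index('('):]
        msg = MSG.search(options)
        # Blank out quoted values so payload text such as content:"sid:9999"
        # cannot be mistaken for the rule's own sid or reference options.
        bare = QUOTED.sub('""', options)
        sid = SID.search(bare)
        if not (msg and sid):
            continue
        refs = [r.replace(' ', '') for r in REF.findall(bare)]
        entries[int(sid.group(1))] = ' || '.join([sid.group(1), msg.group(1)] + refs)
    return [entries[s] for s in sorted(entries)]


if __name__ == '__main__':
    # In practice rules_text would be the concatenation of every rule file
    # your snort.conf includes, local.rules among them.
    print('\n'.join(build_sid_msg_map(SAMPLE_RULES)))
```

A SID that shows up in alerts but is absent from the generated list points to a rule file that was not included when the map was built.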




