[Snort-users] Pulledpork, multiple instances, and sid-msg.map

JJ Cummings cummingsj at ...11827...
Wed Jul 24 17:29:48 EDT 2013


This is how I would do it...

Sent from the iRoad

On Jul 24, 2013, at 16:31, Eoin Miller <eoin.miller at ...14586...> wrote:

> On 7/24/2013 20:23, James Lay wrote:
>> Reposted from the pulled pork google group (no response)...anyone have 
>> any hints? I've noticed that some rules aren't in my sid-msg.map.  I 
>> have multiple snort.confs that have different rulesets enabled.  How can 
>> I get pp to make the sid-msg.map with all the sig ID's?
>> 
>> Thank you.
>> 
>> James
> 
> Maintain a separate conf that has all rules enabled and just copy the
> sid-msg.map file out of that?
> 
> -- Eoin
> 
> 
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list