[Snort-users] create-sidmap.pl

Y M snort at ...15979...
Wed Jan 22 15:23:34 EST 2014


Yes. Depending on the rules policy you use, you want to add that to your custom rules metadata so PulledPork would know that rules tagged with a specific policy metadata should be processed and included in the sid-msg.map
YM

CC: snort-users at lists.sourceforge.net
From: SnortFan at ...131...
Subject: Re: [Snort-users] create-sidmap.pl
Date: Wed, 22 Jan 2014 15:20:09 -0500
To: snort at ...15979...

Will pull pork recreate the sid_msg.map file for me to include any changes I do to my custom rules even if I don't pull down a new VRT rule set?
Thanks,Ed

Sent from a mobile device. 
On Jan 22, 2014, at 3:07 PM, Y M <snort at ...15979...> wrote:




It seems that you are using version 2 of the sid-msg.map file. I am not familiar with the create-sidmap.pl script, but it seems it is targeting version 1 of the sid-msg.map. Either look for a newer version the script that supports v2 or use PulledPork instead.
YM

> From: SnortFan at ...131...
> Date: Wed, 22 Jan 2014 12:27:00 -0500
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] create-sidmap.pl
> 
> Hi All,
>      Anyone using the create-sidmap.pl script to add custom rules into their sid-msg.map file?  I noticed that the result seems to be missing some columns.  It goes from the original 6 columns to two. 
> 
> I'm using version 1.21
> 
> Thanks,
> Ed
> 
> Sent from a mobile device. 
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today. 
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
 		 	   		  
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140122/a35b6965/attachment.html>


More information about the Snort-users mailing list