No subject


Thu Nov 23 16:36:19 EST 2017


	~/snort_src/snort-2.9.7.0/etc

In there I can see =93gen-map.msg=94:

	-rw-r--r--  1 user user  31K Sep 16 14:24 gen-msg.map

Inside this file I can see a mapping to =93decode=94 for GID 116 (as refere=
nced in the first quote from the manual), so is this the file that the GID =
mappings are in now, *NOT* generators, or am I still looking in the wrong p=
lace ?  If so, am I correct interpreting that a GID of 1 means the generato=
r was =93snort general rule=94 which matches up to a custom rule I wrote ?

Thanks

[1] See: https://s3.amazonaws.com/snort-org-site/production/document_files/=
files/000/000/051/original/snort_manual.pdf?AWSAccessKeyId=3DAKIAIXACIED2SP=
MSC7GA&Expires=3D1425073972&Signature=3D9uEeOQH3nRJTwXr6c7XxK%2F%2FWqAU%3D



More information about the Snort-users mailing list