Home page logo

snort logo Snort mailing list archives

Updating sid-msg.map
From: "Chan, Wilson" <wchan () honolulu gov>
Date: Mon, 15 Nov 2010 17:35:02 -1000

First off what is the sid-msg.map used for? I looked in my oinkmaster
config docs and they recommend to update the sourcefire and emerging
threats rule via the create-sidmap.pl script.

Since I have oinkmaster dumping ET and sourcefire rules to
/etc/snort/rules do I just run the perl script like this?



Create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map  



I've also googled and found this as another alternative. 



Cron script to refresh sid-msg.map otherwise you will get unidentified



/usr/local/bin/oinkmaster -o /usr/local/etc/snort/rules/emerging-threads
-C /usr/local/etc/oinkmaster.emerging.conf

/bin/rm /usr/local/etc/snort/sid-msg.map

/bin/cat /usr/local/etc/snort/sid-msg.map-sample
/usr/local/etc/snort/rules/emerging-threads/emerging-sid-msg.map >

/usr/local/etc/rc.d/snort restart





Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]