Home page logo
/

snort logo Snort mailing list archives

Re: Updating sid-msg.map
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 17 Nov 2010 11:08:21 -0700

Snag Oinkmaster, nab the create-sid.pl, put it in your path and:

/usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules >
/usr/local/etc/snort/sid-msg.map

Should create a sid-msg.map out of all the goodies found in the rules
dir.

James

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Tuesday, November 16, 2010 6:22 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Updating sid-msg.map

On 11/15/2010 22:35, Chan, Wilson wrote:
First off what is the sid-msg.map used for? I looked in my oinkmaster 
config docs and they recommend to update the sourcefire and emerging 
threats rule via the create-sidmap.pl script.

FWIW: in my environment, our snort logs do not display the GID:SID so
there was only the MSG text to go by... when i developed one of the mods
for my environment, i added a search capability to locate the MSG text
in the sid-msg.map file which then showed us the GID:SID which is needed
for other functions...

[aside] i'm trying to figure out a way to generate the sid-msg.map file
from multiple rules directories so that the GID 3 rules are included in
the sid-msg.map but time has been very short with a new paying gig that
i've found... 12 hour days of driving do not leave much for network
security related work :? :(

------------------------------------------------------------------------
------
Beautiful is writing same markup. Internet Explorer 9 supports standards
for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault