Re: Better defined schema for sid-msg.map v2

[waldo kitty <wkitty42 () windstream net>]

On 7/26/2013 15:47, Robert Greenhouse wrote:
> What happened to ref 1 and ref n?

they are covered by the "ref" entry which states that they are simply strings... 
"ref 1" is the first reference... you can have numerous references in a rule's 
definition... the 'n' in "ref n" simply signifies additional ones... if you have 
three references, then you would have three ref entries...

> Below is the reference portion of a rule how do I get that in two fields?

you don't...

> reference:url,doc.emergingthreats.net/bin/view/Main/2000345;

the above is only one reference... if you have two references, then you would 
have two entries... four would be four entries... 'n' is just a place holder for 
the last reference entry...

are you writing your own sid-msg.map generator?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!