Generator ID map file location changed ?

[Research <research () nativemethods com>]

Hello,

On page 12 of the PDF format of the “Snort 2.9.7 Manual) [1], it notes that the mapping for GID’s (Generator ID’s), can 
be found in:

        "For a list of GIDs, please read etc/generators in the Snort source. In this case, we know that this event came 
from the “decode” (116) component of Snort.”

> From the source tar ball, I can see the etc subdirectory:

        ~/snort_src/snort-2.9.7.0/etc

In there I can see “gen-map.msg”:

        -rw-r--r--  1 user user  31K Sep 16 14:24 gen-msg.map

Inside this file I can see a mapping to “decode” for GID 116 (as referenced in the first quote from the manual), so is 
this the file that the GID mappings are in now, *NOT* generators, or am I still looking in the wrong place ?  If so, am 
I correct interpreting that a GID of 1 means the generator was “snort general rule” which matches up to a custom rule I 
wrote ?

Thanks

[1] See: 
https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/051/original/snort_manual.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1425073972&Signature=9uEeOQH3nRJTwXr6c7XxK%2F%2FWqAU%3D
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!