Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: barnyard to db

From: "Jeff Dell" <jdell () activeworx com>
Date: Thu, 4 Oct 2001 06:31:30 -0400
Actually, it is 1M+ SID Space. :)

Jeff


-----Original Message-----
From: snort-users-admin () lists sourceforge net 
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of 
Dragos Ruiu
Sent: Thursday, October 04, 2001 4:55 AM
To: Jed Pickel; Andrew R. Baker
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] barnyard to db




* User defined rules don't log any message. This comes from the fact
  that barnyard requires the use of the sid-msg.map file 

and that all

  user defined rules actually have a "sid". The obvious 

workaround is

  for users to maintain their rules in two places, but I 

personally am

  not in support of this. Any chance snort could auto-generate this
  file and auto-assign sid's for rules that don't have them?


I thought the idea was for user defined rules to be put in 
the 2M+ SID space? Am I mistaken? e.g.:: 

alert tcp any any <> any any (msg:"generic traffic"; 
sid:2000001; classification: kickass-porn)

(Uh oh, now I'm gonna get mail from all the lame mail filters :-)

cheers,
--dr




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: