Snort mailing list archives

Re: Need to merge sid-msg.map and bleeding-sid-msg.map ?


From: sekure <sekure () gmail com>
Date: Fri, 27 Aug 2004 12:31:41 -0400

sid-msg.map is what barnyard and other post-processors use to
translate the sid from the alert in the unified log into the event
name that you see displayed.  If you are not using unified output, and
just have snort writing to alert files, you don't really need to keep
sid-msg.map updated.

On Fri, 27 Aug 2004 11:26:37 -0400 (EDT), Brandon Applegate
<brandon () burn net> wrote:
I'm having trouble understanding how the .map file(s) get loaded into
snort.  Specifically (as noted in my subject line), when using another
rule set in addition (i.e. bleeding) do I have to merge their .map file
in?  How else will snort know about these lines?  I can't find any
reference to sid-msg.map in the various snort config files so I assume
it's hardcoded into snort to load this?

Thanks in advance.

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
7407 DC86 AA7B A57F 62D1 A715 3C63 66A1 181E 6996
"SH1-0151.  This is the serial number, of our orbital gun."

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



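Added example, not part of the original thread: for setups that do use unified output with a post-processor such as barnyard, this sketch merges a second rule set's map into sid-msg.map and reports sids whose message text differs between the two. It assumes the usual `sid || msg || reference ...` line format; the function names and all sample entries are constructed for illustration.

```python
"""Merge two sid-msg.map files (added example; sample entries are constructed)."""

def parse_map(text):
    """Parse 'sid || msg || ref || ...' lines into {sid: (msg, [refs])}."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        entries[int(fields[0])] = (fields[1], fields[2:])
    return entries

def merge_maps(primary, secondary):
    """Return (merged, conflicts); on a sid collision the primary msg wins."""
    merged = dict(primary)
    conflicts = []
    for sid, (msg, refs) in secondary.items():
        if sid not in merged:
            merged[sid] = (msg, list(refs))
            continue
        kept_msg, kept_refs = merged[sid]
        if kept_msg != msg:  # same sid, different event name: report it
            conflicts.append((sid, kept_msg, msg))
        extra = [r for r in refs if r not in kept_refs]
        merged[sid] = (kept_msg, kept_refs + extra)  # union the references
    return merged, conflicts

def render_map(entries):
    """Serialize back to map format, sorted by sid."""
    rows = (" || ".join([str(sid), msg, *refs])
            for sid, (msg, refs) in sorted(entries.items()))
    return "\n".join(rows) + "\n"

# Constructed stand-ins for sid-msg.map and bleeding-sid-msg.map.
STOCK = """# constructed sample
1000001 || EXAMPLE stock rule one || url,example.com/one
1000002 || EXAMPLE stock rule two
"""
BLEEDING = """# constructed sample
2000001 || EXAMPLE extra rule || url,example.com/extra
1000002 || EXAMPLE stock rule two (renamed) || url,example.com/two
"""

if __name__ == "__main__":
    merged, conflicts = merge_maps(parse_map(STOCK), parse_map(BLEEDING))
    for sid, kept, dropped in conflicts:
        print(f"# sid {sid}: kept {kept!r}, ignored {dropped!r}")
    print(render_map(merged), end="")
```

A reported conflict means two rule sets reuse one sid, so alerts from either rule would be displayed under a single name; that is worth resolving in the rules themselves rather than only in the map.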

