Snort mailing list archives
Re: Snort Alert Description in BASE
From: "David J. Bianco" <david () vorant com>
Date: Thu, 13 Sep 2007 14:37:25 -0400
That's barnyard's job, so probably you haven't told it where to find the sid-msg.map file, either on the command line or in the config file. And every time you update the file, you need to restart barnyard so it can reread all those lines. David chris mr wrote:
I downloaded bleeding-edge rulesets and set them up in snort.conf. I also CAT sid-msg.map with bleeding-sid-msg-map.txt. However, when I open BASE I still get a generic Snort Alert... How can these be replaced with detail info on the signature? [local] [snort] Snort Alert [1:2002872:0] policy-violation 1(0%) 1 1 1 2007-09-13 17:42:39 2007-09-13 17:42:39 Thanks chris. ____________________________________________________________________________________ Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Alert Description in BASE chris mr (Sep 13)
- Re: Snort Alert Description in BASE David J. Bianco (Sep 13)
- <Possible follow-ups>
- Re: Snort Alert Description in BASE chris mr (Sep 13)