Re: sid-msg maps and dynamic rules

[firnsy <firnsy () securixlive com>]

G'day Russel,


Russell Fulton wrote:
> hmmm... NOw having the dynamic rules running I find that barnyard is  
> not matching the sid and the message. Reason is fairly obvious -- the  
> dynamic rules have a gen code of 3 not 1.

The aforementioned issue with dynamic rules having a generator_id of 3 
and not 1, which leads to messages not being matched correctly, does not 
exist in barnyard2.

> Presumably then sid-msg.map has an implicit gen of 1.

You presume correctly.

> Is it expected that these be added to the gen-msg.map?
>
> If so it is a bit painful -- the sidmsg.map can be created from  
> scratch from the rule files but the gen-msg.map has a whole lot of  
> static stuff and one therefore needs to append to the original.
>
> Is there a way of having this in a separate file?
>
> Russell
>   

Regards,

-- 
firnsy
www.securixlive.com

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users