Re: sid-msg.map incomplete again

[Nigel Houghton <nhoughton () sourcefire com>]

On Tue, 25 Jan 2011 19:49:21 -0500, waldo kitty wrote:
> On 1/25/2011 14:30, Lawrence R. Hughes, Sr. wrote:
> > Nigel,
> >
> > That's great if you use pulledpork, we do not.
> > PulledPork was not a requirement for snort to work correctly.
>
> there is also a create-sidmap.pl file that can be used to update your 
> sid-msg.map file... we have our update script run it every time the 
> rules are 
> updated... this is several times a day because we also use the ET 
> rules sets as 
> well as updating our local.rules...
>
> i forget if create-sidmap.pl comes in the contributions directory or not...

As a couple of other posters have pointed out, the create-sidmap.pl 
script comes with the Oinkmaster tar ball.

Waldo Kitty's example of how they use it in their environment is 
exactly why it's there and why you should rebuild the sid-msg.map for 
your individual needs.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users