Snort mailing list archives
Generator ID map file location changed ?
From: Research <research () nativemethods com>
Date: Fri, 27 Feb 2015 15:58:42 -0500
Hello,
On page 12 of the PDF format of the “Snort 2.9.7 Manual” [1], it notes that the mapping for GIDs (Generator IDs) can be found in:
"For a list of GIDs, please read etc/generators in the Snort source. In this case, we know that this event came from the “decode” (116) component of Snort."
From the source tar ball, I can see the etc subdirectory:
~/snort_src/snort-2.9.7.0/etc
In there I can see “gen-map.msg”:
-rw-r--r-- 1 user user 31K Sep 16 14:24 gen-msg.map
Inside this file I can see a mapping to “decode” for GID 116 (as referenced in the first quote from the manual), so is this the file that the GID mappings are in now, *NOT* generators, or am I still looking in the wrong place?
If so, am I correct in interpreting that a GID of 1 means the generator was “snort general rule”, which matches up to a custom rule I wrote?
Thanks
[1] See: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/051/original/snort_manual.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1425073972&Signature=9uEeOQH3nRJTwXr6c7XxK%2F%2FWqAU%3D