Snort mailing list archives

Updating sid-msg.map after adding custom rule

From: Black Lion via Snort-users <snort-users () lists snort org>
Date: Mon, 16 Apr 2018 09:09:25 +0200

Hello

I am running the following:

   - Snort 2.9.11.1
   - Barnyard 2.1.14
   - PulledPork v0.7.4
   - BASE 1.4.5

Everything is setup, PulledPork runs as a cron job and downloads new rules
daily and I am able to view alerts in BASE. However, the issue I am
experiencing is that the sid-msg.map file is not updated whenever I create
a custom rule in the following path: /etc/snort/rules/local.rules. From
what I have read, an entry must be made in the sid-msg.map file when a
custom rule is created, but the top of the sid-msg.map warns that it should
not be modified by hand:

# sid-msg.map autogenerated by PulledPork - DO NOT MODIFY BY HAND!

So my question is, how can I update the sid-msg.map file with my custom
rule so that it appears in BASE?

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Updating sid-msg.map after adding custom rule Black Lion via Snort-users (Apr 18)
- Re: Updating sid-msg.map after adding custom rule Y M via Snort-users (Apr 21)
- Re: Updating sid-msg.map after adding custom rule Black Lion via Snort-users (Apr 25)
- Re: Updating sid-msg.map after adding custom rule Black Lion via Snort-users (Apr 25)