Snort mailing list archives
Re: barnyard to db
From: Dragos Ruiu <dr () kyx net>
Date: Thu, 4 Oct 2001 01:55:19 -0700
* User defined rules don't log any message. This comes from the fact that barnyard requires the use of the sid-msg.map file and that all user defined rules actually have a "sid". The obvious workaround is for users to maintain their rules in two places, but I personally am not in support of this. Any chance snort could auto-generate this file and auto-assign sid's for rules that don't have them?
I thought the idea was for user defined rules to be put in the 2M+ SID space? Am I mistaken?

e.g.:

    alert tcp any any <> any any (msg:"generic traffic"; sid:2000001; classification: kickass-porn)

(Uh oh, now I'm gonna get mail from all the lame mail filters :-)

cheers,
--dr
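
Added example, not part of the original message or of snort/barnyard: one way to do the auto-assignment asked about in the quoted text, giving rules without a sid the next free value and emitting matching sid-msg.map lines in the `sid || msg` form. The starting value 2000001 is taken from the rule in the reply; the function name, the sample rules and the "no message" fallback are assumptions.

```python
import re

LOCAL_SID_BASE = 2000001  # assumption: first user SID, taken from the reply's example

RULE_RE = re.compile(r'^\s*(?:alert|log|pass|activate|dynamic)\s[^(]*\((.*)\)\s*$')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

# Constructed sample rules file contents
SAMPLE_RULES = [
    '# local.rules (constructed sample)',
    'alert tcp any any <> any any (msg:"generic traffic"; sid:2000001;)',
    'alert tcp any any -> any 23 (msg:"telnet attempt"; flags:S;)',
    'alert udp any any -> any 69 (msg:"tftp request")',
]

def build_sid_map(lines, base=LOCAL_SID_BASE):
    """Return (rules, sid_map): every rule carries a sid; sid_map holds 'sid || msg' lines."""
    rules = [l.rstrip("\n") for l in lines]
    used = {}  # sid -> line number, so a duplicate can be reported
    for n, line in enumerate(rules, 1):
        m = RULE_RE.match(line)
        s = SID_RE.search(m.group(1)) if m else None
        if s:
            sid = int(s.group(1))
            if sid in used:
                raise ValueError(f"line {n}: sid {sid} already used on line {used[sid]}")
            used[sid] = n
    next_sid, out, sid_map = base, [], []
    for n, line in enumerate(rules, 1):
        m = RULE_RE.match(line)
        if not m:
            out.append(line)  # comments, blank lines and variables pass through
            continue
        opts = m.group(1)
        s = SID_RE.search(opts)
        if s:
            sid = int(s.group(1))
        else:
            while next_sid in used:  # skip values the user already picked
                next_sid += 1
            sid = next_sid
            used[sid] = n
            body = opts.rstrip()
            body += "" if body.endswith(";") else ";"
            line = line[:m.start(1)] + body + f" sid:{sid};" + line[m.end(1):]
        msg = MSG_RE.search(opts)
        sid_map.append(f"{sid} || {msg.group(1) if msg else 'no message'}")
        out.append(line)
    return out, sid_map
```

Rules and map come from a single pass over one file, so the rule set is not maintained in two places.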