Barnyard & sid-msg.map

["Dusty Hall" <halljer () auburn edu>]

I kept getting the following error when trying to import alerts into my
snort db via barnyard....  the fix follows.

------------------------------
-*> Barnyard! <*-
Version 0.1.0 (Build 17)
By Andrew R. Baker (andrewb () snort org)
and Martin Roesch (roesch () sourcefire com, www.snort.org)

Loading Data Processors...
dp_alert loaded
<snip>
SensorID: 1
AcidDbOpStart Complete
Error (You have an error in your SQL syntax.  Check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'MKD / ' possible warez site' AND sig_rev=0 AND sig_sid=554' at)
executing query: SELECT sig_id FROM signature WHERE sig_name='POLICY FTP
'MKD / ' possible warez site' AND sig_rev=0 AND sig_sid=554
Fatal Error, Quitting..
Exiting
AcidDbOpStop
------------------------------

I fixed it by editing the sid-msg.map and changing the following:

554 || POLICY FTP 'MKD / ' possible warez site

to:

554 || POLICY FTP \'MKD / \' possible warez site


Any ideas?


-Dusty





-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users