Re: Bizarre signature

[Paul Schmehl <pschmehl_lists () tx rr com>]

--On Wednesday, July 21, 2010 11:50:20 -0400 "Kun, Mike" <mkun () akamai com> 
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thanks!
>
> Is there something that needs to be configured in 2.8.6.0 that will
> cause the rules to show up with the msg field instead of just the sid?

Normally you see SIDs instead of rule descriptions when you haven't included 
the specific rule in the sig-msg.map file.  Since emerging threats has their 
own sid-msg.map file, you need to include that in the one provided with snort 
so that it will be parsed.

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users