Snort mailing list archives
Re: Bizarre signature
From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 21 Jul 2010 11:17:13 -0500
--On Wednesday, July 21, 2010 11:50:20 -0400 "Kun, Mike" <mkun () akamai com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks! Is there something that needs to be configured in 2.8.6.0 that will cause the rules to show up with the msg field instead of just the sid?
Normally you see SIDs instead of rule descriptions when you haven't included the specific rule in the sig-msg.map file. Since emerging threats has their own sid-msg.map file, you need to include that in the one provided with snort so that it will be parsed. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)
- Re: Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Joel Esler (Jul 21)
- Re: Bizarre signature Eoin Miller (Jul 21)
- Re: Bizarre signature beenph (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)
- Re: Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Jefferson, Shawn (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)