Snort mailing list archives

Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem

From: Joel Esler <jesler () sourcefire com>
Date: Fri, 27 Aug 2010 10:40:54 -0400

On Aug 27, 2010, at 9:54 AM, "Lawrence R. Hughes, Sr." <lhughes () safemedia com> wrote:

We think Barnyard2 is not at fault, and  the  snort sid-msg.map and rules are the problem.


Barnyard2 isn't reading the correct sid-msg.map file. 

You need to use either pulledpork or the create-sidmsg.pl file that comes with oinkmaster to make this file. 
I suggest the former.

 
Are we thinking in the correct direction?

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)
- Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem JJC (Aug 27)
  - Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)
    - Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Joel Esler (Aug 27)
    - Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Nigel Houghton (Aug 27)
- Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Joel Esler (Aug 27)
  - Re: snort 2.8.6.1 / barnyard2 2-1.8 (unified2) problem Lawrence R. Hughes, Sr. (Aug 27)