Snort mailing list archives

Re: Updating sid-msg.map


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 17 Nov 2010 05:19:12 -0500

On 11/16/2010 20:46, Joel Esler wrote:
> Pulledpork does these functions by default.

yes yes yes but we do not have pp in our environment and no one has had a chance 
to break [any|every]thing seeing if they can get it into it... pp has (had?) a 
few things that are counter to how our setup operates but they may be different 
now... the main one of those was putting all rules into one file... that's a 
huge no-no in our environment...

> Sent from my iPhone
>
> On Nov 16, 2010, at 8:21 PM, waldo kitty <wkitty42 () windstream net> wrote:
>
>> On 11/15/2010 22:35, Chan, Wilson wrote:
>>> First off what is the sid-msg.map used for? I looked in my oinkmaster config
>>> docs and they recommend to update the sourcefire and emerging threats rule via
>>> the create-sidmap.pl script.
>>
>> FWIW: in my environment, our snort logs do not display the GID:SID so there was
>> only the MSG text to go by... when i developed one of the mods for my
>> environment, i added a search capability to locate the MSG text in the
>> sid-msg.map file which then showed us the GID:SID which is needed for other
>> functions...
>>
>> [aside] i'm trying to figure out a way to generate the sid-msg.map file from
>> multiple rules directories so that the GID 3 rules are included in the
>> sid-msg.map but time has been very short with a new paying gig that i've
>> found... 12 hour days of driving do not leave much for network security related
>> work :? :(

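The two tasks mentioned in this thread (building one map from several rules directories so that GID 3 rules are included, and looking up the GID:SID from MSG text) can be sketched as follows. This is an added example, not code from any poster, from oinkmaster or from pulledpork; the function names, the sample rules and the printed `gid || sid || msg` layout are assumptions of the example.

```python
import re, tempfile
from pathlib import Path

RULE_RE = re.compile(r'^(?:alert|log|pass|drop|reject|sdrop)\s[^(]*\((.*)\)\s*$')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')

def parse_rule(line):
    """Return (gid, sid, msg) for an active rule line, else None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None  # blank lines, comments and disabled (#) rules
    opts = m.group(1)
    msg = MSG_RE.search(opts)
    # Blank out quoted strings so content:"sid:5;" is not read as the sid option.
    bare = QUOTED_RE.sub('""', opts)
    sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', bare)
    gid = re.search(r'\bgid\s*:\s*(\d+)\s*;', bare)
    if not (msg and sid):
        return None
    # A rule without a gid option belongs to generator 1.
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)), msg.group(1))

def build_map(rule_dirs):
    """Merge all *.rules files in several directories into {(gid, sid): msg}."""
    sidmap = {}
    for d in rule_dirs:
        for path in sorted(Path(d).glob("*.rules")):
            # Join rules that are continued over several lines with a backslash.
            text = path.read_text(errors="replace").replace("\\\n", " ")
            for line in text.splitlines():
                parsed = parse_rule(line)
                if parsed:
                    sidmap.setdefault(parsed[:2], parsed[2])  # first one wins
    return sidmap

def find_by_msg(sidmap, text):
    """Case-insensitive substring search on MSG; returns 'GID:SID' strings."""
    return [f"{g}:{s}" for (g, s), msg in sorted(sidmap.items())
            if text.lower() in msg.lower()]

if __name__ == "__main__":
    # Constructed sample rules, written to two temporary rule directories.
    with tempfile.TemporaryDirectory() as txt, tempfile.TemporaryDirectory() as so:
        Path(txt, "local.rules").write_text(
            'alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; '
            'content:"sid:5;"; sid:1000001; rev:1;)\n'
            '# alert tcp any any -> any 25 (msg:"EXAMPLE off"; sid:1000002;)\n')
        Path(so, "stub.rules").write_text(
            'alert tcp any any -> any 445 (msg:"EXAMPLE so stub"; '
            'gid:3; sid:1000003; rev:2;)\n')
        # Output layout is this example's own choice.
        for key, msg in sorted(build_map([txt, so]).items()):
            print("%d || %d || %s" % (*key, msg))
```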

