Snort mailing list archives
Re: Updating sid-msg.map
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Thu, 18 Nov 2010 07:48:23 -0500
I haven't used this in a while but I'm pretty sure you can do...

create-sidmap.pl /foo/rules/VRT/ /foo/rules/ET/ /foo/rules/GID3 > sid-msg.map

On Wed, Nov 17, 2010 at 11:11 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 11/17/2010 13:08, Lay, James wrote:
>> Snag Oinkmaster, nab the create-sid.pl, put it in your path and:
>>
>> /usr/local/bin/create-sidmap.pl /usr/local/etc/snort/rules > /usr/local/etc/snort/sid-msg.map
>
> yes, we do this now...
>
>> Should create a sid-msg.map out of all the goodies found in the rules dir.
>
> the goal is to figure out how to have it handle /multiple/ rules directories
>
> /foo/rules/VRT
> /foo/rules/ET
> /foo/rules/GID3
>
> or are you saying that it should walk thru all of them because they are all
> under /foo/rules ?? i don't know if that has been tried by the testing team...
> they seem to actually want something "backwards" like
>
> /foo/VRT/rules
> /foo/ET/rules
> /foo/GID3/rules
>
> i'll give'em a kick to try it the other way and see what happens :)
>
>> James
>>
>> -----Original Message-----
>> From: waldo kitty [mailto:wkitty42 () windstream net]
>> Sent: Tuesday, November 16, 2010 6:22 PM
>> To: snort-users () lists sourceforge net
>> Subject: Re: [Snort-users] Updating sid-msg.map
>>
>> On 11/15/2010 22:35, Chan, Wilson wrote:
>>> First off what is the sid-msg.map used for? I looked in my oinkmaster
>>> config docs and they recommend to update the sourcefire and emerging
>>> threats rule via the create-sidmap.pl script.
>>
>> FWIW: in my environment, our snort logs do not display the GID:SID so there
>> was only the MSG text to go by... when i developed one of the mods for my
>> environment, i added a search capability to locate the MSG text in the
>> sid-msg.map file which then showed us the GID:SID which is needed for other
>> functions...
>>
>> [aside] i'm trying to figure out a way to generate the sid-msg.map file from
>> multiple rules directories so that the GID 3 rules are included in the
>> sid-msg.map but time has been very short with a new paying gig that i've
>> found... 12 hour days of driving do not leave much for network security
>> related work :? :(

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
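Added example, not part of the thread and not Oinkmaster's create-sidmap.pl: a Python sketch of the two tasks discussed above, building one sid-msg.map from several rules directories and looking up GID:SID from MSG text. The function names are hypothetical, the sample rules are constructed, and it assumes single-line rules in `*.rules` files; the directory names VRT, ET and GID3 mirror the thread.

```python
import re
import tempfile
from pathlib import Path

RULE_RE = re.compile(r'^\s*(?:alert|log|pass|drop|reject|sdrop)\s[^(]*\((.*)\)\s*$')

def parse_rule(line):
    """Return (gid, sid, msg, refs) for an enabled single-line rule, else None."""
    m = RULE_RE.match(line)
    body = m.group(1) if m else ''
    sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', body)
    msg = re.search(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;', body)
    if not (sid and msg):
        return None  # comment, disabled rule, or not a rule at all
    gid = re.search(r'\bgid\s*:\s*(\d+)\s*;', body)
    refs = re.findall(r'\breference\s*:\s*([^;]+?)\s*;', body)
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)), msg.group(1), refs)

def build_sidmap(rule_dirs):
    """Walk every directory (recursively); key on (gid, sid), first definition wins."""
    entries = {}
    for d in rule_dirs:
        for path in sorted(Path(d).rglob('*.rules')):
            for line in path.read_text(errors='replace').splitlines():
                parsed = parse_rule(line)
                if parsed:
                    entries.setdefault(parsed[:2], parsed[2:])
    return entries

def format_sidmap(entries):
    """Render 'sid || msg || ref ...' lines; this layout has no GID column."""
    return [' || '.join([str(sid), msg, *refs]) for (_, sid), (msg, refs) in sorted(entries.items())]

def find_by_msg(entries, text):
    """Reverse lookup: MSG substring -> 'GID:SID' strings."""
    return [f'{g}:{s}' for (g, s), (msg, _) in sorted(entries.items()) if text.lower() in msg.lower()]

def demo():
    samples = {  # constructed sample rules, not taken from any real rule set
        'VRT': 'alert tcp any any -> any 80 (msg:"CONSTRUCTED web probe"; '
               'reference:url,example.com/a; sid:1000001; rev:1;)\n'
               '# alert tcp any any -> any 80 (msg:"CONSTRUCTED disabled"; sid:1000002;)\n',
        'ET': 'alert udp any any -> any 53 (msg:"CONSTRUCTED dns beacon"; sid:2000001; rev:2;)\n',
        'GID3': 'alert tcp any any -> any 25 (msg:"CONSTRUCTED smtp so rule"; gid:3; sid:15000;)\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for d, text in samples.items():
            Path(root, d).mkdir()
            Path(root, d, 'sample.rules').write_text(text)
        return build_sidmap(Path(root, d) for d in samples)
```

Because the map lines carry only the SID, the in-memory index keeps (gid, sid) as its key so a GID 3 rule and a GID 1 rule with the same SID stay distinguishable in the lookup.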
Current thread:
- Updating sid-msg.map Chan, Wilson (Nov 15)
- Re: Updating sid-msg.map Joel Esler (Nov 15)
- Re: Updating sid-msg.map Nigel Houghton (Nov 16)
- Re: Updating sid-msg.map waldo kitty (Nov 16)
- Re: Updating sid-msg.map Joel Esler (Nov 16)
- Re: Updating sid-msg.map waldo kitty (Nov 17)
- Re: Updating sid-msg.map Lay, James (Nov 17)
- Re: Updating sid-msg.map waldo kitty (Nov 17)
- Re: Updating sid-msg.map Jason Wallace (Nov 18)
- Re: Updating sid-msg.map Joel Esler (Nov 16)