Re: sid-msg.map incomplete again

["Champ Clark III [Softwink]" <champ () softwink com>]

On Tue, Jan 25, 2011 at 03:28:38PM -0500, Nigel Houghton wrote:
> On Tue, 25 Jan 2011 14:30:44 -0500, Lawrence R. Hughes, Sr. wrote:
> > Nigel,
> >
> > That's great if you use pulledpork, we do not.
> > PulledPork was not a requirement for snort to work correctly.

> Just for everyone's clarification here, Snort does not need the 
> sid-msg.map, you only need that for your event data in your database if 
> you use BASE or similar. Barnyard uses it.
>
> We suggest that folks use PulledPork to manage their rules and their 
> sid-msg.map etc... and that you output to a unified file from Snort and 
> use Barnyard to process that file to put the event data into a database 
> or whatever.
>
> If you don't want to use PulledPork, it is pretty easy to write a 
> script (in whatever language you like) that processes the rules files 
> to produce a sid-msg.map.

        Oinkmaster has a perl routine called "create-sidmap.pl" I
believe.  

-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.

Attachment: _bin
Description:

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users