Re: Missing sids from sid-msg.map

[JJC <cummingsj () gmail com>]

The issue described is an issue of the values missing in sid-msg.map will
be fixed by using pulledpork, however we will still address it in the
tarball.  The short of it is that yes, you should be using pulledpork so
that you know that your flowbits are enabled/disabled properly and so that
you can select a solid base ruleset (security, balanced, connectivity).
 Once you understand it and have it properly running, it will actually make
your rule management much more simple.

JJC

On Mon, Oct 15, 2012 at 7:43 AM, Berk Gulenler <gulenler () boun edu tr> wrote:

> I'm extracting the contents of snortrules-snapshot-2931.tar.**gz to
> proper places and using map file in it. I did't have any problem with
> previous versions of rule files.
>
> I got my oinkcode I can use polledpork but no I'm not using. Should I use
> pulledpork?
>
>
>
> On 10/15/2012 04:31 PM, JJC wrote:
>
> > are you using any tools like pulledpork etc to manage your ruleset or
> > generate the sid-msg.map?\
> >
> > JJC
> >
> > On Mon, Oct 15, 2012 at 5:59 AM, Berk Gulenler <gulenler () boun edu tr>
> > wrote:
> >
> >  Hi,
> > > There seems to be many sids like 17645,16693,21848 are missing from
> > > sid-msg.map. I'm currently using registered user version and release
> > > date is 13.09.2012. Any help would be appreciated.
> > >
> > >
> > > ------------------------------**------------------------------**
> > > ------------------
> > > Don't let slow site performance ruin your business. Deploy New Relic APM
> > > Deploy New Relic app performance management and know exactly
> > > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > > http://p.sf.net/sfu/newrelic-**dev2dev<http://p.sf.net/sfu/newrelic-dev2dev>
> > > ______________________________**_________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.**net <Snort-users () lists sourceforge net>
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/**lists/listinfo/snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users>
> > > Snort-users list archive:
> > > http://sourceforge.net/**mailarchive/forum.php?forum_**name=snort-users<http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users>
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest
> > > Snort news!
> > >
> > >
> > >
> > > are you using any tools like pulledpork etc to manage your ruleset or
> > > generate the sid-msg.map?\
> > >
> > > JJC
> > >
> > > On Mon, Oct 15, 2012 at 5:59 AM, Berk Gulenler <gulenler () boun edu tr
> > > <mailto:gulenler () boun edu tr>> wrote:
> > >
> > >     Hi,
> > >
> > >     There seems to be many sids like 17645,16693,21848 are missing from
> > >     sid-msg.map. I'm currently using registered user version and release
> > >     date is 13.09.2012. Any help would be appreciated.
> > >
> > >     ------------------------------**------------------------------**
> > > ------------------
> > >     Don't let slow site performance ruin your business. Deploy New
> > >     Relic APM
> > >     Deploy New Relic app performance management and know exactly
> > >     what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > >     Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > >     http://p.sf.net/sfu/newrelic-**dev2dev<http://p.sf.net/sfu/newrelic-dev2dev>
> > >     ______________________________**_________________
> > >     Snort-users mailing list
> > >     Snort-users@lists.sourceforge.**net<Snort-users () lists sourceforge net>
> > >     <mailto:Snort-users@lists.**sourceforge.net<Snort-users () lists sourceforge net>
> > > >
> > >
> > >     Go to this URL to change user options or unsubscribe:
> > >     
> > > https://lists.sourceforge.net/**lists/listinfo/snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users>
> > >     Snort-users list archive:
> > >     http://sourceforge.net/**mailarchive/forum.php?forum_**
> > > name=snort-users<http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users>
> > >
> > >     Please visit http://blog.snort.org to stay current on all the
> > >     latest Snort news!
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!