Snort mailing list archives

Re: sid-msg.map and the new .rules files

From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Thu, 1 Nov 2012 18:33:06 +0530

It is expected that the end-user will generate the sid-msg.map file at his
end...say using Pulled Pork.
I guess that file might be soon removed from future tar balls, or at least
that's what I remember being told by others (like Joel) on the list.

On Thu, Nov 1, 2012 at 6:14 PM, Kungu Panda <kungupanda () gmail com> wrote:

Sorry for the confusion.  As surmised, I was asking about sid-msg.map.
So, it is expected that the etc/sid-msg.,ap file provided in the VRT
signature tarball is incomplete and does not include mappings for all of
the snort signatures provided in the tarball ?

KPanda



On Wed, Oct 31, 2012 at 4:53 PM, Joel Esler <jesler () sourcefire com> wrote:

On Oct 31, 2012, at 12:33 PM, JJC <cummingsj () gmail com> wrote:

sid-msg.map or gen-msg.map? the subject indicates one, while the body
indicates the other.. that said sid-msg.map seems to make the most sense.

Joel, correct me if I'm wrong but I believe that the expectation is that
users generate their own sid-msg.map going forward, this guarantees that
local.rules etc.. are included in said sid-msg.map.  PulledPork natively
does this, and Oinkmaster includes a contrib script that does this.


You are correct.

--
*Joel Esler*
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire




------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

sid-msg.map and the new .rules files Kungu Panda (Oct 31)
- Re: sid-msg.map and the new .rules files JJC (Oct 31)
  - Re: sid-msg.map and the new .rules files Joel Esler (Oct 31)
    - Re: sid-msg.map and the new .rules files Kungu Panda (Nov 01)
    - Re: sid-msg.map and the new .rules files Pratik Narang (Nov 01)
    - Re: sid-msg.map and the new .rules files JJ Cummings (Nov 01)
    - Re: sid-msg.map and the new .rules files waldo kitty (Nov 01)