Snort mailing list archives
Re: Signature Table in snort DB not updating
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 10 Nov 2012 16:06:17 -0500
I think you mean sid-msg.map. The gid-msg.map doesn't change much.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Nov 10, 2012, at 1:21 PM, Heine Lysemose <lysemose () gmail com> wrote:

Have you updated your gen-sig.map? Pulledpork can do this for you.

/Lysemose

On Nov 10, 2012 7:04 PM, "Balasubramaniam Natarajan" <bala150985 () gmail com> wrote:

Does anyone know why the signature table under my snort database on mysql does not get populated with proper signature name? Once I go in and manually update it then the event message appears properly on my Base console. Is there any way for me to automate it?

I am using

root@nscbose:/store/snort/log# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3.4

root@nscbose:/store/snort/log# barnyard2 -v

  ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.11 (Build 317)
 |o"  )~|  By Ian Firns (SecurixLive): http://www.securixlive.com/
 + '''' +  (C) Copyright 2008-2012 Ian Firns <firnsy () securixlive com>

USAGE: barnyard2 [-options] <filter options>
Gernal Options:

mysql> select * from signature;
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+
| sig_id | sig_name                                                     | sig_class_id | sig_priority | sig_rev | sig_sid  | sig_gid |
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+
|    475 | Snort Alert [1:2014101:2]                                    |           21 |            1 |       2 |  2014101 |       1 |
|    476 | FILE-IDENTIFY Portable Executable binary file magic detected |           29 |            3 |      16 |    15306 |       1 |
|    477 | Snort Alert [1:2012239:1]                                    |           21 |            1 |       1 |  2012239 |       1 |
|    478 | Snort Alert [1:10000000:1]                                   |            0 |            0 |       1 | 10000000 |       1 |
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+
478 rows in set (0.01 sec)

mysql> update signature Set sig_name="Saw ICMP msg" WHERE sig_id=478;

mysql> select * from signature;
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+
| sig_id | sig_name                                                     | sig_class_id | sig_priority | sig_rev | sig_sid  | sig_gid |
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+
|    475 | Snort Alert [1:2014101:2]                                    |           21 |            1 |       2 |  2014101 |       1 |
|    476 | FILE-IDENTIFY Portable Executable binary file magic detected |           29 |            3 |      16 |    15306 |       1 |
|    477 | Snort Alert [1:2012239:1]                                    |           21 |            1 |       1 |  2012239 |       1 |
|    478 | Saw ICMP msg                                                 |            0 |            0 |       1 | 10000000 |       1 |
+--------+--------------------------------------------------------------+--------------+--------------+---------+----------+---------+

--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
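An added example, not part of the original thread and not PulledPork's or barnyard2's own code: it builds sid-msg.map lines from rule text and reports which rows of the signature table would still keep a "Snort Alert [gid:sid:rev]" placeholder name. It assumes the classic `sid || msg || reference ...` map layout and single-line rules; the function names and the sample rules are constructed for illustration.

```python
import re

# Constructed sample rules: a local rule matching the thread's sid 10000000,
# a rule with an escaped quote and references, and a commented-out rule.
SAMPLE_RULES = r'''
alert icmp any any -> any any (msg:"Saw ICMP msg"; sid:10000000; rev:1;)
alert tcp any any -> any 80 (msg:"Example \"quoted\" rule"; reference:url,example.com/a; reference:url,example.com/b; sid:10000001; rev:3;)
# alert udp any any -> any 53 (msg:"Disabled rule"; sid:10000002; rev:1;)
'''
# (sig_name, sig_sid, sig_gid) rows copied from the table in the thread.
SAMPLE_ROWS = [
    ("Snort Alert [1:2014101:2]", 2014101, 1),
    ("FILE-IDENTIFY Portable Executable binary file magic detected", 15306, 1),
    ("Snort Alert [1:2012239:1]", 2012239, 1),
    ("Snort Alert [1:10000000:1]", 10000000, 1),
]
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')
PLACEHOLDER_RE = re.compile(r'^Snort Alert \[\d+:\d+:\d+\]$')

def parse_rule(line):
    """Return (sid, msg, refs) for an enabled, single-line gid 1 rule, else None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    sid, msg, gid = SID_RE.search(line), MSG_RE.search(line), GID_RE.search(line)
    if not sid or not msg or (gid and gid.group(1) != '1'):
        return None
    text = re.sub(r'\\(.)', r'\1', msg.group(1))  # drop rule-syntax escapes
    return int(sid.group(1)), text, [r.strip() for r in REF_RE.findall(line)]

def build_sid_msg_map(rules_text):
    """Emit sorted 'sid || msg || ref ...' lines for every parsable rule."""
    entries = sorted(filter(None, map(parse_rule, rules_text.splitlines())))
    return [' || '.join([str(sid), msg] + refs) for sid, msg, refs in entries]

def unresolved_sids(rows, map_lines):
    """Sids whose sig_name is still a placeholder and that the map cannot name."""
    known = {int(line.split(' || ', 1)[0]) for line in map_lines}
    return sorted(sid for name, sid, gid in rows
                  if gid == 1 and PLACEHOLDER_RE.match(name) and sid not in known)

if __name__ == '__main__':
    sid_map = build_sid_msg_map(SAMPLE_RULES)
    print('\n'.join(sid_map))
    print('still unresolved:', unresolved_sids(SAMPLE_ROWS, sid_map))
```

Sids 2012239 and 2014101 stay unresolved here only because the constructed rule text does not contain them; the map has to be generated from every enabled rule file, not just the local one.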
Current thread:
- Signature Table in snort DB not updating Balasubramaniam Natarajan (Nov 10)
- Re: Signature Table in snort DB not updating Heine Lysemose (Nov 10)
- Re: Signature Table in snort DB not updating Joel Esler (Nov 10)
- Re: Signature Table in snort DB not updating Heine Lysemose (Nov 10)
- Re: Signature Table in snort DB not updating Balasubramaniam Natarajan (Nov 10)
- Re: Signature Table in snort DB not updating beenph (Nov 10)
- Re: Signature Table in snort DB not updating Joel Esler (Nov 10)
- Re: Signature Table in snort DB not updating Heine Lysemose (Nov 10)