Snort mailing list archives

Re: Multiple rulesets with separate sid files.

From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 23 Jul 2013 16:31:55 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

On 23/07/2013 16:16, mulhern wrote:

Rulesets, like community rules or emerging threats rules come packaged with
an sid-msg.map file which maps a numeric identifier to something more
informative. When downloading multiple rule sets how should these be
handled so that they don't conflict and so that Snort or Barnyard is able
to find them?


Use PulledPork:

http://code.google.com/p/pulledpork/

It will download multiple rulesets, combine them into one rules output
file and then produce a sid-msg.msg which you need to restart BY2 to read.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJR7qHrAAoJELhVoVpEMS6RCXQIALBPZhbZtAI2GwJivNMoznzu
9u/xdZgZkcKXGmJzIxJ5Iaxh9v+t0hj3GcOd6PCI9aWZtBc1fojC+h9o4mxA5BPj
auXUgInohY2sCioT6t956HTq/6NevyNwWAo2IUNyQjdBkVAnOf8UcfPz+FOQD8/Y
XmsDpoQJvQhGffLx89nLxDz3e4W328iVZfNY9+ye+omRptI06fgI9U0nwjgVtNuD
NRHfYuFVmdUjUb5mvNDRuF7g9xcLY9gsc9jPZ8TF9JIn5Ft6lfzY7YVdlirucoB1
XzJ8auZF/u5I37XV2K0TJk8IDUYXs13SjflkT7mkj0c7+WR+5e6XwQIiQ7kfRSQ=
=4YSk
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Multiple rulesets with separate sid files. mulhern (Jul 23)
- Re: Multiple rulesets with separate sid files. Peter Bates (Jul 23)
- <Possible follow-ups>
- Re: Multiple rulesets with separate sid files. Y M (Jul 23)