Snort mailing list archives
Re: Multiple rulesets with separate sid files.
From: Peter Bates <peter.bates () ucl ac uk>
Date: Tue, 23 Jul 2013 16:31:55 +0100
Hello all

On 23/07/2013 16:16, mulhern wrote:
> Rulesets, like community rules or emerging threats rules, come packaged with an sid-msg.map file which maps a numeric identifier to something more informative. When downloading multiple rule sets how should these be handled so that they don't conflict and so that Snort or Barnyard is able to find them?
Use PulledPork: http://code.google.com/p/pulledpork/

It will download multiple rulesets, combine them into one rules output file and then produce a sid-msg.msg which you need to restart BY2 to read.

-- 
Peter Bates
Senior Information Security Officer
Phone: +44(0)2076792049
Information Services Division
Internal Ext: 32049
University College London
London WC1E 6BT
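Added example, not part of the original message and not PulledPork's own code: a sketch of the merge the thread is about, combining several sid-msg.map files into one and reporting SIDs that two rulesets use with different messages. It assumes the `sid || msg || ref || ...` line format with `#` comments; the ruleset names, the sample entries and the keep-first-seen policy are constructed for illustration.

```python
def parse_sid_map(text):
    """Return {sid: (msg, [refs])}; assumes 'sid || msg || ref ...' lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # malformed line: skip it rather than guess
        entries[int(fields[0])] = (fields[1], [r for r in fields[2:] if r])
    return entries

def merge_sid_maps(named_maps):
    """Merge [(ruleset_name, map_text), ...] into (merged, conflicts)."""
    merged, owner, conflicts = {}, {}, []
    for name, text in named_maps:
        for sid, (msg, refs) in parse_sid_map(text).items():
            if sid not in merged:
                merged[sid], owner[sid] = (msg, list(refs)), name
            elif merged[sid][0] == msg:
                # Same rule shipped by two sets: keep the union of references.
                for ref in refs:
                    if ref not in merged[sid][1]:
                        merged[sid][1].append(ref)
            else:
                # Same SID, different message: keep first seen (assumed policy).
                conflicts.append((sid, owner[sid], merged[sid][0], name, msg))
    return merged, conflicts

def render(merged):
    """Serialise the merged map back to sid-msg.map text, sorted by SID."""
    return "".join(" || ".join([str(sid), msg, *refs]) + "\n"
                   for sid, (msg, refs) in sorted(merged.items()))

# Constructed sample maps (not real rule data); ruleset names are hypothetical.
SET_A = """# constructed
1000001 || EXAMPLE-A suspicious user agent || url,example.com/a
1000002 || EXAMPLE-A outbound beacon
"""
SET_B = """1000002 || EXAMPLE-B dns tunnel || url,example.com/b
1000001 || EXAMPLE-A suspicious user agent || url,example.com/c
2000001 || EXAMPLE-B policy violation
"""

if __name__ == "__main__":
    merged, conflicts = merge_sid_maps([("set-a", SET_A), ("set-b", SET_B)])
    print(render(merged), conflicts, sep="")
```

A non-empty conflict list means an alert for that SID would be labelled with whichever message was kept, so those entries need a renumbered or disabled rule before the merged map is handed to Barnyard2.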
Current thread:
- Multiple rulesets with separate sid files. mulhern (Jul 23)
- Re: Multiple rulesets with separate sid files. Peter Bates (Jul 23)
- <Possible follow-ups>
- Re: Multiple rulesets with separate sid files. Y M (Jul 23)