Snort mailing list archives

Better defined schema for sid-msg.map v2

From: Robert Greenhouse <rgreenhouse413 () gmail com>
Date: Fri, 26 Jul 2013 15:47:20 -0400

This is what is floating about the net on Barnyard2’s  sid-msg.map:

sid-msg.map v2 format:

GID || SID || REV || CLASSIFICATION || PRIORITY || MSG || REF 1 || REF N

  gid := integer
  sid := integer
  rev := integer
  classification := string (if NULL set to NOCLASS)
  priority := integer (if prio == 0, classification priority is used)
  msg := string
  ref := string


What happened to ref 1 and ref n?

Below is the reference portion of a rule how do I get that in two fields?

reference:url,doc.emergingthreats.net/bin/view/Main/2000345;

    Thanks,
Richard

------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent 
caught up. So what steps can you take to put your SQL databases under 
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Better defined schema for sid-msg.map v2 Robert Greenhouse (Aug 05)
- Re: Better defined schema for sid-msg.map v2 waldo kitty (Aug 05)