Re: Pulledpork doesn't creates sid-msg.map properly

[waldo kitty <wkitty42 () windstream net>]

On 10/13/2014 7:03 AM, Rob MacGregor wrote:

> I've seen this where the message contains certain characters that confused the
> parser. I'm pretty sure it was the use of colons (":") in the message that did
> it in my case.

we've had similar problems, too, when commas were used in the descriptions... 
our processing was based on comma delimiters and the fields were being separated 
on the commas in the MSGs... getting those eliminated from the provider fixed 
everything up nice and now they ensure that they don't use commas or similar 
regex ""signal characters""...

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!