Snort mailing list archives
Re: How to make snort detect sid-msg.map
From: wkitty42 () windstream net
Date: Tue, 1 Aug 2017 10:07:15 -0400
On 08/01/2017 09:41 AM, neerav arora via Snort-users wrote:
> Hi jesler, could you please elaborate? So basically I have a sid-msg.map and the corresponding rules file already available; now I want snort alert logs to have msg instead of sid.
you cannot... snort doesn't work that way...
> Could you please tell me how I can achieve that? Is there any change I need to do in snort.conf file?
if you are trying to parse the snort alert logs, you will need to perform the lookup of the GID:SID to get the message yourself...
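The GID:SID lookup described in the reply above, as an added example that is not part of the original thread and is not Snort's own code. It assumes the v1 sid-msg.map layout (`sid || msg || ref ...`) and alert lines that carry a `[gid:sid:rev]` triple; the function names, the map entries and the alert lines are constructed for illustration.

```python
import re

# Matches the [gid:sid:rev] triple (assumed to be present in each alert line).
TRIPLE = re.compile(r"\[(\d+):(\d+):(\d+)\]")

# Constructed sample data, not taken from a real rule set or sensor.
SAMPLE_MAP = """\
# sid || msg || optional references
1000001 || LOCAL example ICMP test rule || url,example.com/doc
1000002 || LOCAL example HTTP test rule
this line is malformed and is skipped
"""
SAMPLE_ALERTS = [
    "08/01-10:07:15.000000 [1:1000001:1] {ICMP} 192.0.2.10 -> 192.0.2.20",
    "08/01-10:07:16.000000 [1:1000002:3] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80",
    "08/01-10:07:17.000000 [119:2:1] {TCP} 192.0.2.10:40001 -> 192.0.2.20:80",
]

def load_sid_msg_map(lines):
    """Parse v1 sid-msg.map lines into {sid: msg}, skipping comments and junk."""
    table = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # not a "sid || msg" entry
        table[int(fields[0])] = fields[1]
    return table

def annotate(alert_line, table, text_gids=(1,)):
    """Insert the rule message after the [gid:sid:rev] triple.

    Assumption: the v1 map has no GID column, so it is only consulted for
    generator IDs listed in text_gids; other generators need their own table.
    """
    m = TRIPLE.search(alert_line)
    if not m:
        return alert_line  # nothing to look up
    gid, sid = int(m.group(1)), int(m.group(2))
    msg = table.get(sid) if gid in text_gids else None
    if msg is None:
        msg = "<no map entry for %d:%d>" % (gid, sid)
    return alert_line[:m.end()] + " " + msg + alert_line[m.end():]

if __name__ == "__main__":
    sid_table = load_sid_msg_map(SAMPLE_MAP.splitlines())
    for alert in SAMPLE_ALERTS:
        print(annotate(alert, sid_table))
```

To use it on real files, pass an open sid-msg.map file to `load_sid_msg_map` and feed each log line through `annotate`.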