Snort mailing list archives

Re: Updating sid-msg.map after adding custom rule


From: Y M via Snort-users <snort-users () lists snort org>
Date: Fri, 20 Apr 2018 18:48:13 +0000


Try running PulledPork with the -L command switch followed by the path to your local.rules file. This will ensure the custom rules get added to the sid-msg.map.

Thanks.
YM

________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Black Lion via Snort-users <snort-users () lists snort org>
Sent: Monday, April 16, 2018 10:09 AM
To: snort-users () lists snort org
Subject: [Snort-users] Updating sid-msg.map after adding custom rule

Hello

I am running the following:

  *   Snort 2.9.11.1
  *   Barnyard 2.1.14
  *   PulledPork v0.7.4
  *   BASE 1.4.5

Everything is set up, PulledPork runs as a cron job and downloads new rules daily and I am able to view alerts in BASE. However, the issue I am experiencing is that the sid-msg.map file is not updated whenever I create a custom rule in the following path: /etc/snort/rules/local.rules. From what I have read, an entry must be made in the sid-msg.map file when a custom rule is created, but the top of the sid-msg.map warns that it should not be modified by hand:

# sid-msg.map autogenerated by PulledPork - DO NOT MODIFY BY HAND!

So my question is, how can I update the sid-msg.map file with my custom rule so that it appears in BASE?