Snort mailing list archives

Re: Barnyard, sid-msg.map, gen-msg.map


From: "Andrew R. Baker" <andrewb () snort org>
Date: Wed, 29 Jan 2003 16:39:36 -0500

Andy Dales wrote:
> Greetings, I'm wondering if anyone is willing to explain the sid-msg.map
> and the gen-msg.map files required for use by barnyard.  In another posting
> I see someone made an awk/sed script to parse the rule files and output a
> file of the format sid || msg for the sid-msg.map but I don't see anyone
> talking about the gen-msg.map.  Can someone confirm the (sid || msg) format
> for the sid file and explain what the gen-msg.map file is/does.  These seem
> to be vital to barnyard's running but aren't really mentioned much
> anywhere.

sid-msg.map is used to translate the id found in a Snort Rule to a textual string. The gen-msg.map is similar, but translates the ids for all of the alert generators in Snort other than the detection engine (i.e., preprocessors and packet decoder). These files are needed by Barnyard since the unified files do not include the textual alert message.

-A
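
The rule-to-map step mentioned in the question, as an added example that is not part of the original thread or of the Barnyard or Snort code: it reads rule text and emits `sid || msg` lines, handling continued lines, escaped characters in `msg`, and disabled rules. The sample rules are constructed, and appending `reference` options as further `||` fields is an assumption about the file layout that the thread itself does not state.

```python
import re

# A quoted option value, honouring backslash escapes such as \" and \;
QUOTED = r'"((?:\\.|[^"\\])*)"'
OPT_STR_RE = re.compile(r'(\w+)\s*:\s*!?\s*' + QUOTED)
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+);')

# Constructed sample rules for this example; sids and messages are made up.
SAMPLE_RULES = r'''
# local test rules
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; reference:url,example.com/advisory; sid:1000001; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE msg with \"quotes\" and sid:9\; inside"; \
    sid:1000002; rev:2;)
#alert icmp any any -> any any (msg:"EXAMPLE disabled rule"; sid:1000003;)
alert ip any any -> any any (content:"no msg option"; sid:1000004;)
'''

def logical_lines(text):
    """Join backslash-continued lines so each rule is a single string."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def build_sid_map(rules_text):
    """Return sorted 'sid || msg [|| reference ...]' lines for active rules."""
    entries = {}
    for rule in logical_lines(rules_text):
        if not rule or rule.startswith("#"):
            continue  # blank, comment, or disabled rule
        msg = next((v for k, v in OPT_STR_RE.findall(rule) if k == "msg"), None)
        bare = re.sub(QUOTED, '""', rule)  # hide quoted text from sid/reference search
        sid = SID_RE.search(bare)
        if msg is None or sid is None:
            continue  # nothing to map without both options
        fields = [sid.group(1), re.sub(r"\\(.)", r"\1", msg)]
        fields += [r.strip() for r in REF_RE.findall(bare)]
        entries.setdefault(int(sid.group(1)), " || ".join(fields))
    return [entries[s] for s in sorted(entries)]

if __name__ == "__main__":
    print("\n".join(build_sid_map(SAMPLE_RULES)))
```

Rules without a `msg` or `sid` are skipped, and a `sid:` that appears only inside a quoted message is ignored, so an alert id in the unified output is never mapped to the wrong text.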


