Snort mailing list archives
Re: Updating sid-msg.map
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 16 Nov 2010 09:03:29 -0500
On Mon, 15 Nov 2010 17:35:02 -1000, Chan, Wilson wrote:
First off, what is the sid-msg.map used for? I looked in my oinkmaster config docs and they recommend to update the Sourcefire and Emerging Threats rules via the create-sidmap.pl script. Since I have oinkmaster dumping ET and Sourcefire rules to /etc/snort/rules, do I just run the Perl script like this?

===============================================
create-sidmap.pl /etc/snort/rules > /etc/snort/sid-msg.map
===============================================

I've also googled and found this as another alternative.
=========================================================================================================================
Cron script to refresh sid-msg.map otherwise you will get unidentified alerts:

#!/bin/sh
/usr/local/bin/oinkmaster -o /usr/local/etc/snort/rules/emerging-threads -C /usr/local/etc/oinkmaster.emerging.conf
/bin/rm /usr/local/etc/snort/sid-msg.map
/bin/cat /usr/local/etc/snort/sid-msg.map-sample /usr/local/etc/snort/rules/emerging-threads/emerging-sid-msg.map > /usr/local/etc/snort/sid-msg.map
/usr/local/etc/rc.d/snort restart
==========================================================================================================================
Wilson
I do not suggest you use that cron script. I do suggest using PulledPork and have that handle everything.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
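Added example (not part of the original thread and not code from any Snort tool): whichever updater maintains sid-msg.map, this shell check lists the SIDs of enabled rules that have no entry in the map, which are the ones that would show up as unidentified alerts. It assumes the usual "sid || msg || references" map layout; the function names, temporary paths and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: find enabled rule SIDs that have no sid-msg.map entry.
# Function names and sample data are hypothetical, constructed for illustration.
LC_ALL=C; export LC_ALL   # one collation order for both sort and comm

# rule_sids DIR: SIDs of every enabled (uncommented) rule in DIR/*.rules
rule_sids() {
    cat "$1"/*.rules 2>/dev/null |
        sed -n -e '/^[[:space:]]*#/d' \
               -e 's/.*[(;[:space:]]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
        sort -u
}

# map_sids FILE: first "||"-separated field of each map line (comments skipped)
map_sids() {
    awk -F ' *[|][|] *' 'NF >= 2 && $1 ~ /^[0-9]+$/ { print $1 }' "$1" | sort -u
}

# missing_sids RULES_DIR MAP_FILE: SIDs in the rules but absent from the map
missing_sids() {
    tmp=$(mktemp -d) || return 1
    rule_sids "$1" > "$tmp/rules"
    map_sids "$2" > "$tmp/map"
    comm -23 "$tmp/rules" "$tmp/map"   # lines only in the first file
    rm -rf "$tmp"
}

# Constructed sample: two enabled rules, one disabled rule, a one-entry map.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/rules"
cat > "$demo_dir/rules/local.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"EXAMPLE rule one"; content:"a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE rule two"; content:"b"; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)
EOF
printf '%s\n' '1000001 || EXAMPLE rule one' > "$demo_dir/sid-msg.map"

missing_sids "$demo_dir/rules" "$demo_dir/sid-msg.map"   # prints 1000002
```

Running missing_sids against the live rules directory and map after each rule update, and before restarting Snort, shows whether the map was actually regenerated.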