Re: sid-msg.map and the new .rules files

[JJ Cummings <cummingsj () gmail com>]

Precisely

Sent from the iRoad

On Nov 1, 2012, at 7:03, Pratik Narang <pratik.cse.bits () gmail com> wrote:

> It is expected that the end-user will generate the sid-msg.map file at his end...say using Pulled Pork.
> I guess that file might be soon removed from future tar balls, or at least that's what I remember being told by 
> others (like Joel) on the list. 
>
> On Thu, Nov 1, 2012 at 6:14 PM, Kungu Panda <kungupanda () gmail com> wrote:
> > Sorry for the confusion.  As surmised, I was asking about sid-msg.map.  So, it is expected that the etc/sid-msg.,ap 
> > file provided in the VRT signature tarball is incomplete and does not include mappings for all of the snort 
> > signatures provided in the tarball ? 
> >
> > KPanda
> >
> >
> >
> > On Wed, Oct 31, 2012 at 4:53 PM, Joel Esler <jesler () sourcefire com> wrote:
> > > On Oct 31, 2012, at 12:33 PM, JJC <cummingsj () gmail com> wrote:
> > >
> > > > sid-msg.map or gen-msg.map? the subject indicates one, while the body indicates the other.. that said sid-msg.map 
> > > > seems to make the most sense.
> > > >
> > > > Joel, correct me if I'm wrong but I believe that the expectation is that users generate their own sid-msg.map 
> > > > going forward, this guarantees that local.rules etc.. are included in said sid-msg.map.  PulledPork natively does 
> > > > this, and Oinkmaster includes a contrib script that does this.
> > >
> > > You are correct.
> > >
> > > --
> > > Joel Esler
> > > Senior Research Engineer, VRT
> > > OpenSource Community Manager
> > > Sourcefire
> >
> >
> > ------------------------------------------------------------------------------
> > Everyone hates slow websites. So do we.
> > Make your web apps faster with AppDynamics
> > Download AppDynamics Lite for free today:
> > http://p.sf.net/sfu/appdyn_sfd2d_oct
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!