Snort mailing list archives

Re: Pulledpork, multiple instances, and sid-msg.map


From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 24 Jul 2013 22:39:48 -0400

On 7/24/2013 17:29, JJ Cummings wrote:
> This is how I would do it...

if you would maintain a separate conf file that has all the rules enabled in it, 
then why not just make the sid-msg.map file go ahead and contain them all to 
start with like it was "in the olden days"?? why limit the ones in the file to 
only those that are in used rules files and enabled? the software that uses the 
sid-msg.map file doesn't care that the rules aren't used or enabled any more 
when it has entries for them in the logs or database already ;)

> Sent from the iRoad
>
> On Jul 24, 2013, at 16:31, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
>
>> On 7/24/2013 20:23, James Lay wrote:
>>> Reposted from the pulled pork google group (no response)...anyone have
>>> any hints? I've noticed that some rules aren't in my sid-msg.map.  I
>>> have multiple snort.confs that have different rulesets enabled.  How can
>>> I get pp to make the sid-msg.map with all the sig ID's?
>>>
>>> Thank you.
>>>
>>> James
>>
>> Maintain a separate conf that has all rules enabled and just copy the
>> sid-msg.map file out of that?



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
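
An added example, not part of the original thread and not PulledPork's own code: one way to build a sid-msg.map that covers every rule, enabled or commented out, so alerts already in the logs or database still resolve to a message. It assumes single-line rules and the classic `sid || msg || reference` map layout; the function names and sample rules are constructed for illustration.

```python
import re

# A rule line, enabled or disabled ("# alert ..."), with an option body in parentheses.
RULE_RE = re.compile(r'^\s*#?\s*(?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
REF_RE = re.compile(r'\breference\s*:\s*([^;]+?)\s*;')

def parse_rule(line):
    """Return (sid, msg, [refs]) for one rule line, or None if it is not a rule."""
    if not RULE_RE.match(line):
        return None
    msg = MSG_RE.search(line)
    # Blank out quoted strings so text such as content:"sid:999;" is never
    # mistaken for the rule's real sid or reference options.
    unquoted = QUOTED_RE.sub('""', line)
    sid = SID_RE.search(unquoted)
    if not sid or not msg:
        return None
    refs = [r.replace(" ", "") for r in REF_RE.findall(unquoted)]
    return int(sid.group(1)), msg.group(1), refs

def build_sid_msg_map(rule_lines):
    """Return sid-msg.map lines, sorted by sid, for enabled and disabled rules alike."""
    entries = {}
    for line in rule_lines:
        parsed = parse_rule(line)
        if parsed:
            sid, msg, refs = parsed
            entries[sid] = " || ".join([str(sid), msg] + refs)
    return [entries[sid] for sid in sorted(entries)]

# Constructed sample input: one enabled rule, one disabled rule, one plain comment.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"EXAMPLE enabled rule"; content:"sid:999;"; '
    'reference:url,example.com/a; sid:1000001; rev:1;)',
    '# alert tcp any any -> any 25 (msg:"EXAMPLE disabled rule"; '
    'reference:url,example.org/b; sid:1000002; rev:3;)',
    '# This comment line is not a rule',
]

if __name__ == "__main__":
    print("\n".join(build_sid_msg_map(SAMPLE_RULES)))
```

Feeding it the lines of every rules file, rather than only those referenced by one snort.conf, gives a single map that all sensor instances can share.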
