Snort mailing list archives

Use of iis_unicode_map in HTTP Inspect on Linux IDS host


From: Research <research () nativemethods com>
Date: Sat, 28 Feb 2015 18:43:06 -0500

Hi,

I had a question involving an option to the global setting of the HTTP inspect pre-processor in snort 2.9.7.0.

The default setting for the global settings for this pre-processor in snort.conf is:

        preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535

I see that iis_unicode_map unicode.map 1252 refers to the unicode.map file in /etc/snort and is using codepage 1252, but I was wondering if this is necessary if the host that Snort is running on is using Linux and Apache? Do I have to adjust that accordingly? I am doubly unsure because I note in the PDF of the manual on page 60 the following:

        "The iis unicode map is a required configuration parameter."

…which makes me think it applies to *ANY* HTTP server.  As a consequence, I have left it as a default setting but am wondering if it could and should be modified.

Thanks