Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

when generating rules it should generate sid-msg.map and then also generate the gen-msg.map #145

Open
GoogleCodeExporter opened this issue Apr 23, 2015 · 1 comment
Open

when generating rules it should generate sid-msg.map and then also generate the gen-msg.map #145

GoogleCodeExporter opened this issue Apr 23, 2015 · 1 comment
Labels
Enhancement Priority-Low

Comments

@GoogleCodeExporter
Copy link 

It would be great if both can be generated at the same time..  Reason for this 
is because barnyard2 uses the gen-msg.map when sending alert notifications 
otherwise you're only going to see the SID

Simple script to generate the gen-msg.map from the output of the sid-msg.map 
generation

The create-sidmap as far as I know is only included in oinkmaster  ; Can these 
tools be included with pulledpork so that everything can be done after the 
rules are updated and generated after being downloaded and local rules parsed.

From oinkmaster

/root/oinkmaster-2.0/contrib/create-sidmap.pl /etc/snort/rules/ > 
/etc/snort/rules/sid-msg.map

cat /etc/snort/rules/sid-msg.map | awk -F '|' '{print "3 || "$1" || "$3}' > 
/etc/snort/rules/gen-msg.map

But this does also strip out certain information from the sid-msg.map which 
would be nice if all is included in the gen-msg.map as well.

Original issue reported on code.google.com by [email protected] on 9 Nov 2013 at 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Priority-Low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shirkdog @GoogleCodeExporter