-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nelson,
I was thinking that sid-msg.map would come down fresh with each rule update but that limits things to one rule repository. Telling oinkmaster to skip downloading it then running create-sidmap.pl (as you suggest) on the entire rule set post update will cover cases when people want ot configure things for updates from multiple rule repos. There might be other twaeks to add here to make it easier to reconfig for other rule repos... I was kinda rushed... did my best to get it working for just VRT rules with hopes that it would also be reconfigurable for other repos as well. Great tip. I'll get to this one soon. thanks! Earl On Wed, 27 Jun 2007 15:27:41 -0400 Nelson Williams <[EMAIL PROTECTED]> wrote: >Hello > >The honeywall is updating snort rules using Oinkmaster. But the >Oinkmaster >by default don't update the sidmap file for snort, so new update >rules will >not be named (displayed as "unknown signature") in the walleye >interface. > >The script "hwruleupdate" should need to run the following command >after >update the snort rules: > > > >create-sidmap.pl /etc/snort/rules/ > /etc/snort/sid-msg.map > > > >Brgds. > >nelson -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wkYEARECAAYFAkaDRPQACgkQk7+e+4lPSm1r/QCfUUg/dh3xFDe4JpECa7a+MEMO7+EA niuQSnrWFVj8QvnQ/HyJgKANUZFG =jnDi -----END PGP SIGNATURE----- _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
