[Discussion] Text in Msgs

• Previous message (by thread): [Discussion] Text in Msgs
• Next message (by thread): [Discussion] Text in Msgs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Frank Knobbe wrote:
> No, that's a bad idea (at least if you talk about Snort). If you create
> new/different message texts, Snort will create a new entry in the
> signature table (unique to msg+gid+sid+rev). Also, you would not get the
> same text with barnyard or in barnyard (and probably flop) based
> installs since BY only reports the sid (the msg is pulled from the
> sid-msg.map file).

We are not talking snort. This is totally different.

And we'll definitely not use a db schema with this issue.

Matt

> 
> While you could of course fork barnyard, my concern would be the bloat
> of the signature table due to unique msg texts.
> 

No forking here, all new.

Everything from the pattern matcher on up. :)

Matt


-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc

• Previous message (by thread): [Discussion] Text in Msgs
• Next message (by thread): [Discussion] Text in Msgs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]