Snort mailing list archives
Re: Unknown Sig Name ???
From: roman () danyliw com
Date: Thu, 11 Oct 2001 15:53:02 US/Eastern
Scott, A couple of questions to further understand the situation: - What version of ACID? - What version of the DB schema? - Do all signatures appear with the "Unknown Sig Name" string? Log into the database and run these queries: - In the database, check for any rows in the event tables which have a signature = 0? (SELECT * FROM event WHERE signature = 0) - Check if there are any rows in the event table whose signature field is not a valid key in the signature table (i.e. not a valid sig_id) (SELECT DISTINCT signature FROM event; SELECT DISTINCT sig_id FROM signature; compare these lists) Roman
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anybody give me some clues on how to debug this message I am getting in acid? Is it a problem with classification.config? I am running snort 1.8.1 on one box with a local mysql database and snort1.8.1 on another box which is logging alerts to the first boxen's database. Thanks in advance... Scott Duncan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7xKvvk2DKE9dAYTcRAkSOAKCHlO3xEuF8+Pfv5OSnnWuETj2+lwCeKuDI zCMirnrbE5bYtKyQcyGGmEQ= =saqf -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Unknown Sig Name ??? roman (Oct 11)
- hits to pare down snort alerts james (Oct 11)
- Re: hits (hints) to pare down snort alerts james (Oct 11)
- <Possible follow-ups>
- Re: Unknown Sig Name ??? sduncan (Oct 11)
- Re: Unknown Sig Name ??? Susan Kay Coulter (Oct 12)
- Reload rules w/o restarting ? james (Oct 12)
- Re: Reload rules w/o restarting ? Erek Adams (Oct 12)
- Reload rules w/o restarting ? james (Oct 12)
- Re: Unknown Sig Name ??? roman (Oct 22)
- hits to pare down snort alerts james (Oct 11)