Re: Unknown Sig Name ???

[roman () danyliw com]

Scott,

A couple of questions to further understand the situation:

- What version of ACID?
- What version of the DB schema?
- Do all signatures appear with the "Unknown Sig Name" string?

Log into the database and run these queries:

- In the database, check for any rows in the event tables which
have a signature = 0?
(SELECT * FROM event WHERE signature = 0)
- Check if there are any rows in the event table whose signature field
is not a valid key in the signature table (i.e. not a valid sig_id)

(SELECT DISTINCT signature FROM event;
  SELECT DISTINCT sig_id FROM signature;

  compare these lists)

Roman


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can anybody give me some clues on how to debug this message I am getting in
> acid? Is it a problem with classification.config? I am running snort 1.8.1 on
> one box with a local mysql database and snort1.8.1 on another box which is
> logging alerts to the first boxen's database. Thanks in advance...
>
> Scott Duncan
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE7xKvvk2DKE9dAYTcRAkSOAKCHlO3xEuF8+Pfv5OSnnWuETj2+lwCeKuDI
> zCMirnrbE5bYtKyQcyGGmEQ=
> =saqf
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users