Re: Unknown Sig Name ???

[roman () danyliw com]

Any chance you are using tagging?  My limited testing shows that 
the packets logged with tag will be written to the database with 
a NULL signature.

Roman

On Thu, 11 Oct 2001 sduncan () cytechconsult com wrote:

> Hi Roman, thanks for the help. It looks like I have two entries in my signature
> table with:
>
> sig_name (no value)
> sig_class_id 0   
> sig_priority NULL
> sig_rev NULL
>
> I am running:
>
> snort 1.8.1-RELEASE
> ACID 0.9.6b13
> Schema from contrib/ in snort-1.8.1-RELEASE
>
> Any ideas?
>
> Scott
>
> > >
> > - In the database, check for any rows in the event tables which
> > have a signature = 0?
> > (SELECT * FROM event WHERE signature = 0)
> > - Check if there are any rows in the event table whose signature field
> > is not a valid key in the signature table (i.e. not a valid sig_id)
> >
> > (SELECT DISTINCT signature FROM event;   
> >   SELECT DISTINCT sig_id FROM signature;
> >
> >   compare these lists)
> >
> > Roman
> >
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Can anybody give me some clues on how to debug this message I am getting in
> > > acid? Is it a problem with classification.config? I am running snort 1.8.1
> > > on
> > > one box with a local mysql database and snort1.8.1 on another box which is
> > > logging alerts to the first boxen's database. Thanks in advance...
> > >
> > > Scott Duncan
>
> >


---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users