![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Unknown Sig Name ???
From: roman () danyliw com
Date: Mon, 22 Oct 2001 22:06:21 US/Eastern
Any chance you are using tagging? My limited testing shows that the packets logged with tag will be written to the database with a NULL signature. Roman On Thu, 11 Oct 2001 sduncan () cytechconsult com wrote:
Hi Roman, thanks for the help. It looks like I have two entries in my signature table with: sig_name (no value) sig_class_id 0 sig_priority NULL sig_rev NULL I am running: snort 1.8.1-RELEASE ACID 0.9.6b13 Schema from contrib/ in snort-1.8.1-RELEASE Any ideas? Scott- In the database, check for any rows in the event tables which have a signature = 0? (SELECT * FROM event WHERE signature = 0) - Check if there are any rows in the event table whose signature field is not a valid key in the signature table (i.e. not a valid sig_id) (SELECT DISTINCT signature FROM event; SELECT DISTINCT sig_id FROM signature; compare these lists) Roman-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anybody give me some clues on how to debug this message I am getting in acid? Is it a problem with classification.config? I am running snort 1.8.1 on one box with a local mysql database and snort1.8.1 on another box which is logging alerts to the first boxen's database. Thanks in advance... Scott Duncan
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Unknown Sig Name ??? roman (Oct 11)
- hits to pare down snort alerts james (Oct 11)
- Re: hits (hints) to pare down snort alerts james (Oct 11)
- <Possible follow-ups>
- Re: Unknown Sig Name ??? sduncan (Oct 11)
- Re: Unknown Sig Name ??? Susan Kay Coulter (Oct 12)
- Reload rules w/o restarting ? james (Oct 12)
- Re: Reload rules w/o restarting ? Erek Adams (Oct 12)
- Reload rules w/o restarting ? james (Oct 12)
- Re: Unknown Sig Name ??? roman (Oct 22)
- hits to pare down snort alerts james (Oct 11)