Snort mailing list archives
Fast Alert Log Format
From: Bill McCarty <bmccarty () apu edu>
Date: Sun, 03 Mar 2002 22:11:01 -0800
I'm writing a program to process lines in Snort's Fast Alert Log. However, I can't decipher several of the fields.
Here's a typical log entry:03/03-22:06:32.396957 [**] [1:300001:1] Service Hunt [**] [Classification: Misc activity] [Priority: 3] {TCP} xxx.xxx.xxx.xxx:40144 -> xxx.xxx.xxx.xxx:21
Can someone tell me what information can appear in the two fields containing asterisks? In my logs I find no entry in which they contain anything else.
And, can someone tell me the meaning of the number preceding the sid (3000001) and rule revision number?
Thanks! _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Fast Alert Log Format Bill McCarty (Mar 03)
- Re: Fast Alert Log Format Martin Roesch (Mar 04)
- Re: Fast Alert Log Format Bill McCarty (Mar 04)
- Re: Fast Alert Log Format Martin Roesch (Mar 04)