Snort mailing list archives

Snort Alert [x:x:x] revisited


From: Kevin Peuhkurinen <kevin.peuhkurinen () hepcoe com>
Date: Wed, 12 Mar 2003 10:03:21 -0500

A few days ago I posted because all of a sudden I was getting generic Snort alerts and had no idea why. I figured it out and thought I'd post here in case anyone else has the same problem.

What I was doing was updating the rules, and the sid-msg.map file with it, and restarting Snort. However, I wasn't restarting Barnyard at the same time. I guess that when you launch Barnyard, it reads the sid-msg.map and never refers to the file again. The file would get updated, and Snort would start alerting on the new signatures, but Barnyard wouldn't know what the message would be and would thus send these generic "Snort Alert [x:x:x]" alerts to the database.

Since then I have begun restarting Barnyard as well as Snort whenever the rules get updated, and I haven't seen these errors since.
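An added example, not part of the original post: a small Python triage helper for the generic alerts described above. It checks each "Snort Alert [x:x:x]" message against the sid-msg.map currently on disk; a SID that the file does contain means the running Barnyard loaded an older copy and needs a restart. The function names and sample data are constructed here, and the bracketed fields are assumed to be generator:sid:revision.

```python
import re

# Generic message stored when Barnyard has no sid-msg.map entry for an event.
# Assumption: the three bracketed fields are generator id, SID and revision.
GENERIC_ALERT = re.compile(r"Snort Alert \[(\d+):(\d+):(\d+)\]")


def parse_sid_msg_map(text):
    """Return {sid: msg} from sid-msg.map content ("sid || msg || ref ...")."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # malformed line: skip rather than guess
        mapping[int(fields[0])] = fields[1]
    return mapping


def triage_generic_alerts(messages, map_text):
    """Classify each generic alert by whether the on-disk map knows its SID."""
    current = parse_sid_msg_map(map_text)
    findings = {}
    for message in messages:
        match = GENERIC_ALERT.search(message)
        if not match:
            continue  # alert already carries a real message
        sid = int(match.group(2))
        if sid in current:
            # File has the entry, so the running Barnyard's copy is older.
            findings[sid] = ("stale-barnyard", current[sid])
        else:
            # The map itself was not regenerated for this rule.
            findings[sid] = ("missing-from-map", None)
    return findings


# Constructed sample data, not taken from the original post.
SAMPLE_MAP = """\
# sid || msg || references
1000001 || EXAMPLE old signature || url,example.com
1000002 || EXAMPLE signature added by the rule update
"""
SAMPLE_ALERTS = ["EXAMPLE old signature", "Snort Alert [1:1000002:1]",
                 "Snort Alert [1:1000003:1]"]
```

Feed it the alert message column exported from the database together with the contents of the current sid-msg.map; any "stale-barnyard" result points at the restart described in the post.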



