Re: Parsing SID field

[Jeff Nathan <jeff () snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[A:B:C]

A = generator
B = sid
C = rev

check generators.h and the output plugins for more information.

- -Jeff

- --On Tuesday, June 3, 2003 13:25 -0700 "Todd A. Jacobs" 
<nospam () codegnome org> wrote:

> In an alert file, I can't figure out what the first field of the SID
> record is telling me. For example:
>
>       [1:1002:5]
>
> is SID 1002, Revision 5. But what is the 1 telling me?
>
> --
> The DMCA is anti-consumer. The RIAA has no right to rewrite copyright
> laws to suit themselves.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: eBay
> Get office equipment for less on eBay!
> http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



- --
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+3R3eEqr8+Gkj0/0RAp9RAKDHv7C/9ScA1CSjGHnJl8evNuDGmQCgvBDJ
Myx2zSj4XujhR5xR5fnD8n8=
=MGdI
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users