Snort mailing list archives
About IDMEF XML
From: lucy lee <kidlucy88 () yahoo com>
Date: Sun, 13 Apr 2003 19:14:31 -0700 (PDT)
Hi,

I run snort (snort-1.9.0-idmef-1.1) in debug state and get some messages:

    IDMEF: IDMEF output facility = alert
    IDMEF: IDMEF XML dtd = idmef-message.dtd
    IDMEF: IDMEF analyzerid = IDS1
    IDMEF: Indented output: true
    IDMEF: IDS alert_id file = /var/log/alert_id_num
    IDMEF: Done parsing args
    getStoredAlertID: Stored alert ID not found in /var/log/alert_id_num, continuing with alert ID = 1
    idmef: No stored alert id. Continuing with alert id = 1
    !!!!!!!1334 Snort rules read...
    1334 Option Chains linked into 147 Chain Headers
    0 Dynamic rules
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    Rule application order: ->activation->dynamic->alert->pass->log

    --== Initialization Complete ==--

    -*> Snort! <*-
    Version 1.9.0 (Build 209)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)
    IDMEF(): Unknown caller type, returning
    IDMEF(): Unknown caller type, returning
    IDMEF(): not an IDMEF rule, returning
    IDMEF(): not an IDMEF rule, returning
    IDMEF(): not an IDMEF rule, returning
    IDMEF(): not an IDMEF rule, returning
    IDMEF(): not an IDMEF rule, returning
    IDMEF(): not an IDMEF rule, returning
    Segmentation fault

Now alert_id_number is more (in /var/log), while alert_id_num is empty. idmef-messages.log is empty too.

What is wrong with me?

BTW, configure snort with options:

    --enable-idmef --enable-debug --with-libxml2-includes=dir1 --with-libidmef-includes=dir2 --with-libntp-libraries=dir3

configure libidmef with options:

    --enable-debug --with-libxml2-includes=dir1

Rules are modified by append_idmef.pl (provided by idmef-xml-plugin-0.2.2.tar.gz).

Any reply is welcome and appreciated.

Lucy