Snort mailing list archives
Re: Question about Line in Logfile...
From: Erek Adams <erek () snort org>
Date: Thu, 24 Jul 2003 10:47:37 -0400 (EDT)
On Wed, 23 Jul 2003, Thomas Bechtold wrote:
> If I'm logging with the following command:
>
> snort -c /etc/snort/snort.conf -A console
>
> I get the alerts out to the console now. My question is what this line wants to tell me:
>
> 07/23-00:18:28.945319 [**] [1:0:0] Test [**] [Priority: 0] {TCP}\
> 217.224.228.216:33137 -> 81.57.63.19:2234
>
> I don't know what [1:0:0] means.
[A:B:C]

A = generator
B = sid
C = rev

Generator IDs are found in src/generators.h. So the 1 is:

#define GENERATOR_SNORT_ENGINE 1

So Snort generated the alert of SID 0 and Revision 0. Something's not right about that though, as there is no SID 0. Do you have sid-msg.map and gen-msg.map correctly installed?

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
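The [generator:sid:rev] breakdown from the reply above, as an added example that is not part of the original thread or of Snort itself: it parses the console alert line from the question, names the generator, and flags a SID that is 0 or missing from a loaded sid-msg.map. The function names, the regular expression (which also accepts an optional Classification field) and the sid-msg.map entries are assumptions constructed for illustration.

```python
import re

# Generator IDs: only the value quoted in the reply (src/generators.h) is listed.
GENERATORS = {1: "GENERATOR_SNORT_ENGINE"}

# Constructed sid-msg.map excerpt ("sid || msg || refs..."), not real rule data.
SAMPLE_SID_MSG_MAP = """\
# sid || msg
1000001 || EXAMPLE constructed rule one
1000002 || EXAMPLE constructed rule two || url,example.invalid/ref
"""

# The alert line from the question, including the poster's backslash line wrap.
SAMPLE_ALERT = ("07/23-00:18:28.945319 [**] [1:0:0] Test [**] [Priority: 0] {TCP}\\\n"
                "217.224.228.216:33137 -> 81.57.63.19:2234")

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification: [^\]]*\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def load_sid_map(text):
    """Return {sid: msg} from sid-msg.map text, skipping comments and blanks."""
    sids = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            sids[int(fields[0])] = fields[1]
    return sids

def parse_alert(line, sid_map):
    """Parse one '-A console' alert line; return a dict, or None if no match."""
    # Join a line that was wrapped with a trailing backslash, as in the question.
    m = ALERT_RE.match(re.sub(r"\\\s+", " ", line.strip()))
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        alert[key] = int(alert[key])
    alert["generator"] = GENERATORS.get(alert["gid"], "unknown generator")
    alert["sid_in_map"] = alert["sid"] in sid_map
    # The reply notes "there is no SID 0"; flag it and any SID missing from the map.
    alert["suspect"] = alert["sid"] == 0 or not alert["sid_in_map"]
    return alert

if __name__ == "__main__":
    print(parse_alert(SAMPLE_ALERT, load_sid_map(SAMPLE_SID_MSG_MAP)))
```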