Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: invalid event id, eventlog, win32

From: "Chris Reid" <Chris.Reid () codecraftconsultants com>
Date: Mon, 09 Feb 2004 08:43:52 -0700
This is a known issue which has already been corrected in the snort 2.1.1 
source code.  Try downloading one of the versions of snort from our 
website (www.codecraftconsultants.com) and see if that fixes the problem.

Chris Reid



-----Original Message-----
From: Daniel Guido <infiniteedge () speakeasy net>
To: snort-users () lists sourceforge net
Date: Sat, 07 Feb 2004 02:28:00 -0500
Subject: [Snort-users] invalid event id, eventlog, win32


snort under these conditions:
windows xp
snort 2.1.0
'snort /SERVICE /INSTALL -de -X -b -l C:\snort\log -c 
C:\snort\etc\snort.conf'
'output alert_syslog: LOG_AUTH LOG_ALERT'

gives me this output in the eventlog:
The description for Event ID ( 1 ) in Source ( snort ) cannot be found.
The local computer may not have the necessary registry information or 
message DLL files to display messages from a remote computer. You may
be 
able to use the /AUXSOURCE= flag to retrieve this description; see Help
and Support for details. The following information is part of the
event: 
[1:1852:3] WEB-MISC robots.txt access [Classification: access to a 
potentially vulnerable web application] [Priority: 2]: {TCP} 
x.x.x.x:57793 -> x.x.x.x:80.

i searched google for some answers but only found a few of the same 
questions.  I had 2.0.4 running fine before this.  Does anyone know
what 
this means?

Dan Guido


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: