Snort mailing list archives
Barnyard-2.0, snort-2.4, and a rule that won't display the msg tag.
From: David Gianndrea <dgianndrea () comsquared com>
Date: Tue, 07 Feb 2006 14:17:39 -0500
I think I have heard something about this on the list before. I'm using Barnyard-2.0 and Snort-2.4 in unified output mode. I have a rule that fires off, but the contents of the "msg" option are not getting logged. Instead I get this showing up.

[local] [snort] Snort Alert [1:3000003:0]

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)
Is this happening because this is not listed in the sid-msg.map file?

--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: dgianndrea () comsquared com
Web: www.comsquared.com
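The check the question points at, as an added example that is not part of the original post: Snort's unified alert records carry the generator ID, SID and revision but not the msg text, so Barnyard looks the text up by SID in sid-msg.map, whose lines have the form `sid || msg || reference`. The Python below lists the map lines that active rules are missing; `RULES` and `SID_MAP` are constructed sample inputs (SIDs 3000004, 3000005 and 1000 are made up), and only single-line rules are handled.

```python
import re

# Constructed input: the rule quoted in the post, a commented-out rule, and
# one made-up local rule (sid 3000004). Single-line rules only.
RULES = r'''
alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)
# alert tcp any any -> any any (msg:"LOCAL disabled rule"; sid:3000005; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"LOCAL constructed example rule"; sid:3000004; rev:1;)
'''
# Constructed sid-msg.map that lacks both local SIDs.
SID_MAP = '''
# sid || msg || reference ...
1000 || EXAMPLE placeholder entry || url,example.com
'''
# One "key:value;" option; the value may be a quoted string holding ';' or '\;'.
OPTION = re.compile(r'(\w+)\s*:\s*((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*);')

def parse_rule(line):
    # Return (sid, msg, [references]) for an active rule line, else None.
    line = line.strip()
    if line.startswith('#') or '(' not in line or ')' not in line:
        return None
    body = line[line.index('(') + 1:line.rindex(')')]
    sid, msg, refs = None, '', []
    for key, value in OPTION.findall(body):
        value = value.strip()
        if key == 'sid':
            sid = int(value)
        elif key == 'msg':
            msg = value[1:-1] if value[:1] == value[-1:] == '"' else value
        elif key == 'reference':
            refs.append(value)
    return (sid, msg, refs) if sid is not None else None

def mapped_sids(map_text):
    # SIDs already listed in the map; entries are "sid || msg || ref ...".
    rows = (l.strip() for l in map_text.splitlines())
    return {int(r.split('||')[0]) for r in rows if r and not r.startswith('#')}

def missing_entries(rules_text, map_text):
    # sid-msg.map lines for every active rule whose SID the map lacks.
    known = mapped_sids(map_text)
    rules = filter(None, map(parse_rule, rules_text.splitlines()))
    return [' || '.join([str(sid), msg] + refs)
            for sid, msg, refs in rules if sid not in known]

if __name__ == '__main__':
    print('\n'.join(missing_entries(RULES, SID_MAP)))
```

Lines it prints can be appended to the sid-msg.map file that Barnyard is configured to read.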