Snort mailing list archives
Re: Snort++ weird alerts popping
From: Russ <rucombs () cisco com>
Date: Sun, 25 Sep 2016 22:50:42 -0400
What version of Snort++ are you running? Can you try using -A cmg or -A csv to see what the alerts look like? On 9/25/16 12:14 PM, João Soares wrote:
Greetings, Lately I've been having a few problems with Snort++ Some alerts are constantly showing up with no relevant info, like this one: [**] [1:3827:14] "SERVER-WEBAPP PHP xmlrpc.php post attempt" [**] 09/25/16-17:10:44.470717 There are instances of the same alert, with every bit of detail like the classification, source and destination IPs/MACs, but then there are many like the one above with nothing but the description. Has this ever occurred to anyone?
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort++ weird alerts popping João Soares (Sep 25)
- Re: Snort++ weird alerts popping Russ (Sep 25)
- Re: Snort++ weird alerts popping João Soares (Sep 26)
- Re: Snort++ weird alerts popping Russ (Sep 26)
- Re: Snort++ weird alerts popping João Soares (Sep 26)
- Re: Snort++ weird alerts popping Russ (Sep 25)