Snort mailing list archives

Re: novice question: logs


From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 12 Jan 2002 09:02:32 -0800 (PST)

On Fri, 11 Jan 2002, John Sage wrote:

Justin:

You don't say what version snort/what OS platform you're running (which
can sometimes be helpful..) but the only place I find the string "ICMP
Unreachable IP short header" anywhere in the files of snort 1.8.2 build
86 on Linux is within decode.c

If I were to take a wild, flying guess, I'd say Solaris 7 MU4.

[...nice explanation snipped...]

The "ID 702911 daemon.error" has me a little puzzled.

"daemon.error" is from the klogd/syslogd logging process, and is
facility.priority

"ID 702911" shows up on a bazillion Google search hits, but none of them
explain **what** its significance is...

From the Solaris syslogd man pages:

[...snip...]

     Example 2:  syslogd output with ID generation  enabled  when
     writing to log file /var/adm/messages

     The following example shows the output  from  syslogd   when
     message  ID generation is enabled. Note that  the message ID
     is displayed when writing to log file /var/adm/messages.

      Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full

[...snip...]

The ID is a message identifier.  Solaris 7 MU4 (or was it MU3) turned on that
'feature' by default.  It really gave our syslog parsing scripts a headache
till we realized what/where it was coming from.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

