Re: novice question: logs

[John Sage <jsage () finchhaven com>]

Dy-no-mite!

It was really quite puzzling to have, as I said, at least a bazillion 
hits on "ID 702911" (I'm not exagerating! at *least* a bazillion!) but 
no one seeming to be paying  any attention to what that was, itself.

The focus of all the posts was actually on other stuff...

An interesting example of how a search engine can find alot of what you 
asked about, but still not answer your question ;-)

thnx..


- John



Erek Adams wrote:

> On Fri, 11 Jan 2002, John Sage wrote:


<snip>

> > The "ID 702911 daemon.error" has me a little puzzled.
> >
> > "daemon.error" is from the klogd/syslogd logging process, and is
> > facility.priority
> >
> > "ID 702911" shows up on a bazillion Google search hits, but none of them
> > explain **what** its significance is...
>
> > From the Solaris syslogd man pages:
>
> [...snip...]
>
>      Example 2:  syslogd output with ID generation  enabled  when
>      writing to log file /var/adm/messages
>
>      The following example shows the output  from  syslogd   when
>      message  ID generation is enabled. Note that  the message ID
>      is displayed when writing to log file/var/adm/messages.
>
>       Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system
> full
>
> [...snip...]
>
> The ID is a message identifier.  Solaris 7 MU4 (or was it MU3) turned on that
> 'feature' by default.  It really gave our syslog parsing scripts a headache
> till we realized what/where it was coming from.
>
> Hope that helps!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users