Snort mailing list archives

Re: what is this mean?


From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
Date: Tue, 13 Aug 2002 17:17:17 -0700

Matt Kettler wrote:

Offhand I can't tell you what the first number (the 1) is, but the second

It's the signature generator, sig_generator:

grep sig_generator *.h
event.h:    u_int32_t sig_generator;   /* which part of snort generated the alert? */

grep sig_generator *.c
log.c:                        (unsigned long) event->sig_generator,
log.c:                        (unsigned long) event->sig_generator,
log.c:                    (unsigned long) event->sig_generator,
log.c:    event->sig_generator = generator;
rules.c:    otn_tmp->event_data.sig_generator = GENERATOR_SNORT_ENGINE;
spo_SnmpTrap.c:    if     (event->sig_generator == GENERATOR_SPP_PORTSCAN)
spo_SnmpTrap.c:    if (event->sig_generator == GENERATOR_SPP_PORTSCAN)
spo_alert_syslog.c:                    (unsigned long) event->sig_generator,
spo_idmef.c:    switch(event->sig_generator)
spo_unified.c:        logheader.event.sig_generator = event->sig_generator;
spo_unified.c:        printf("gen: %u\n", logheader.event.sig_generator);
spo_unified.c:        alertdata.event.sig_generator = event->sig_generator;

And from log.c:

void AlertFull(Packet * p, char *msg, FILE * file, Event *event)
{
    char timestamp[TIMEBUF_SIZE];

    if(msg != NULL)
    {
        fwrite("[**] ", 5, 1, file);

        if(event != NULL)
        {
            fprintf(file, "[%lu:%lu:%lu] ",
                    (unsigned long) event->sig_generator,
                    (unsigned long) event->sig_id,
                    (unsigned long) event->sig_rev);
        }
...


--
Vinay A. Mahadik
Summer Intern
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 495 2618
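
Added example, not part of the original message and not Snort's own code: a strict parser for the alert header that AlertFull() writes, recovering the generator, signature id and revision from the "[%lu:%lu:%lu] " triple and handling the event == NULL path where no triple is printed. The names AlertHeader, read_num and parse_alert_header, the closing " [**]" marker and the sample line are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned long gen, sid, rev; char msg[128]; } AlertHeader;

/* Read a strictly decimal field that must be followed by `term`. */
static const char *read_num(const char *p, char term, unsigned long *v)
{
    char *end;
    if (!isdigit((unsigned char)*p)) return NULL;   /* no sign, no spaces */
    errno = 0;
    *v = strtoul(p, &end, 10);
    return (errno == ERANGE || *end != term) ? NULL : end + 1;
}

/* 1 = header with triple, 0 = header without one (the event == NULL path),
 * -1 = not an alert header line. */
int parse_alert_header(const char *line, AlertHeader *out)
{
    const char *p, *q, *end;
    size_t n;
    int has_triple = 0;

    memset(out, 0, sizeof *out);
    if (strncmp(line, "[**] ", 5) != 0) return -1;
    p = line + 5;
    if (*p == '[' && (q = read_num(p + 1, ':', &out->gen)) &&
        (q = read_num(q, ':', &out->sid)) &&
        (q = read_num(q, ']', &out->rev)) && *q == ' ') {
        p = q + 1;
        has_triple = 1;
    } else {
        out->gen = out->sid = out->rev = 0;         /* discard partial parse */
    }
    end = strstr(p, " [**]");                       /* assumed closing marker */
    n = end ? (size_t)(end - p) : strcspn(p, "\r\n");
    if (n >= sizeof out->msg) n = sizeof out->msg - 1;
    memcpy(out->msg, p, n);
    out->msg[n] = '\0';
    return has_triple;
}

int main(void)
{
    AlertHeader h;   /* constructed sample line, not taken from a real log */
    if (parse_alert_header("[**] [1:1000001:2] EXAMPLE constructed rule [**]\n", &h) == 1)
        printf("gen=%lu sid=%lu rev=%lu msg=%s\n", h.gen, h.sid, h.rev, h.msg);
    return 0;
}
```

A malformed triple is kept in the message text rather than silently coerced, so a log consumer can tell a header with no event data from one with a real generator id.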

