Snort mailing list archives

Classification List and numeric values

From: Snort User <snort () frenzy org>
Date: Wed, 9 Jul 2003 16:58:49 -0700 (PDT)

  On a related question this topic, is there a way to get the numeric
values assigned to the classification list in classification.config?
The exact value I'm looking for is in the event.h, the struct
Event classification unsigned 32bit int.
I've looked through the code, but there's a lot of it, so i seem to
have missed it.
  If there's a file that those values are in, pointing me in the right
direction would be wonderful.

Thanks for the help.

Randy

"Sed Quis Custodiet Ipsos Custodes?" -Juvenal

This communication (including any attachments) is intended for the use of the intended
recipient only and may contain information that is confidential, privileged or legally
protected. Any unauthorized use or dissemination of this communication is strictly
prohibited. If you have received this communication in error, please immediately notify
the sender by return e-mail message and delete all copies of the original communication.
Thank you for your cooperation.





On Wed, 9 Jul 2003, Erek Adams wrote:

On Wed, 9 Jul 2003, Sudhakar Gummadi wrote:

I was wondering where can I get the list of Classifications which come
under (Priority: 1 Priority: 2 and Priority: 3)  which are written to
the (alert) log file.

Right now I am generating email alerts only for Priority: 1.  I do not
want to miss some important alerts which come under Priority:2 and 3
classification.

If I can get a complete list of alerts which corresponds to the 3
classifications then it will be very helpful.

Any suggestions really appreciated.


/etc/snort/classification.config

Or whatever the path to that file is.  If you aren't sure where it is:

        cd /
        find . -type f -name classification.config -print

Or if it's installed:

        locate classification.config

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Classification List Sudhakar Gummadi (Jul 09)
- Re: Classification List Erek Adams (Jul 09)
  - Classification List and numeric values Snort User (Jul 09)
    - Re: Classification List and numeric values Chris Green (Jul 10)