Snort mailing list archives

Re: Question about Line in Logfile...


From: Erek Adams <erek () snort org>
Date: Thu, 24 Jul 2003 10:47:37 -0400 (EDT)

On Wed, 23 Jul 2003, Thomas Bechtold wrote:

> If I'm logging with the following command:
>
> snort -c /etc/snort/snort.conf -A console
>
> I get the alerts out to the console now.
> My question is what this line wants to tell me:
>
> 07/23-00:18:28.945319  [**] [1:0:0] Test [**] [Priority: 0] {TCP}\
> 217.224.228.216:33137 -> 81.57.63.19:2234
>
> I don't know what [1:0:0] means.

[A:B:C]

A = generator
B = sid
C = rev

Generator IDs are found in src/generators.h.

So the 1 is:

        #define GENERATOR_SNORT_ENGINE        1

So Snort generated the alert of SID 0 and Revision 0.

Something's not right about that though, as there is no SID 0.  Do you
have sid-msg.map and gen-msg.map correctly installed?

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
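As an added illustration of the [generator:sid:rev] layout discussed in this reply (not code from the thread or from the Snort project), the following parser reads Snort console alert lines, rejoins lines wrapped with a trailing backslash as in the question, and flags the gid 1 / sid 0 case Erek points out. The sample output is constructed; the regex assumes IPv4 addresses and an optional Classification field.

```python
import re
from typing import Iterator, Optional

# One Snort console/fast alert line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ..]? [Priority: N] {PROTO} src[:port] -> dst[:port]
# Assumptions: IPv4 only; ports are absent for ICMP; Classification may be missing.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample: the first alert is the wrapped line from the question, the rest are made up.
SAMPLE = """\
07/23-00:18:28.945319  [**] [1:0:0] Test [**] [Priority: 0] {TCP}\\
217.224.228.216:33137 -> 81.57.63.19:2234
07/23-00:19:02.104455  [**] [1:2000:3] Constructed rule hit [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.0.5 -> 10.0.0.9
07/23-00:19:10.000001  [**] [116:3:1] (snort_decoder) Constructed decoder alert [**] [Priority: 3] {UDP} 10.0.0.5:5353 -> 10.0.0.9:53
"""


def unwrap(text: str) -> Iterator[str]:
    """Join lines that end with a backslash, as the console output in the question was wrapped."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf.rstrip()


def parse_alert(line: str) -> Optional[dict]:
    """Return the alert fields as a dict (gid/sid/rev/prio/ports as ints), or None if the line does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def check_alert(rec: dict) -> list:
    """Flag the case from the thread: generator 1 (Snort engine) with SID 0, which no rule should produce."""
    if rec["gid"] == 1 and rec["sid"] == 0:
        return ["SID 0 from generator 1: no such rule; check sid-msg.map and gen-msg.map"]
    return []
```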

