Explain unified2 Output

["sumitkamboj88 () gmail com" <sumitkamboj88 () gmail com>]

Hello
Below is output of snort log using unified2.


(IPv6 Event)
    sensor id: 0    event id: 7    event second: 1369738500    event
microsecond: 659058
    sig id: 1000008    gen id: 1    revision: 1     classification: 9
    priority: 1    ip source: X:X:X:X::X    ip destination: X:X:X:X::X
    src port: 21    dest port: 38469    protocol: 6    impact_flag: 0
blocked: 0

Packet
    sensor id: 0    event id: 7    event second: 1369738500
    packet second: 1369738500    packet microsecond: 659058
    linktype: 1    packet_length: 108
[    0] 08 00 27 F5 8B BF 0A 00 27 00 00 00 86 DD 60 00  ..'.....'.....`.
[   16] 00 00 00 36 06 FE 20 01 0D B8 00 00 F1 02 00 00  ...6.. .........
[   32] 00 00 00 00 00 02 20 01 0D B8 00 00 F1 01 00 00  ...... .........
[   48] 00 00 00 00 00 02 00 15 96 45 74 80 B9 1E 05 AD  .........Et.....
[   64] E7 62 80 18 06 F9 20 5A 00 00 01 01 08 0A 00 20  .b.... Z.......
[   80] FE CD 00 21 B4 80 35 33 30 20 4C 6F 67 69 6E 20  ...!..530 Login
[   96] 69 6E 63 6F 72 72 65 63 74 2E 0D 0A              incorrect...


I do not have any clue about event second and event microsecond. Can any
one explain what these two representing. Is it combination of year, month,
day, hour,second or anything else. Please help to understand both.

-- 
Warm Regards
Sumit Kumar

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!