Snort mailing list archives

Previous By Date Next
Previous By Thread Next

problem with Snort Alert Descriptions

From: John Ainsworth <john.ainsworth () thebookpeople co uk>
Date: Wed, 1 May 2013 16:55:28 +0100
Hi

I have setup 2 snort servers with Base, barnyar2 and pulledpork

1 runs on Ubuntu 12.04 32bit , the other on Ubuntu 12.04 64 bit.

The actual snort config is identical between the 2 boxes

However in Base on the 32bit the alerts signature is correctly displaying the friendly description for the alert
Ie
#0-(3-6)<http://10.0.0.96/base/base_qry_alert.php?submit=%230-%283-6%29&sort_order=>

[snort<http://www.snort.org/search/sid/1-2008597>] ET SCAN Cisco Torch SNMP Scan


But on the 64bit one any alerts triggered just show the signature id, not the more friendly description

#192-(3-404104)<http://10.3.0.41/base/base_qry_alert.php?submit=%23192-%283-404104%29&sort_order=>

[snort<http://www.snort.org/search/sid/129-2>] Snort Alert [129:2:1]



Im not sure the problem is linked to 32bit/64bit but it's the only difference between the way the servers were setup.
Anyone any ideas on what to look at

Thanks
John
--
[http://www.thebookpeople.co.uk/siteimages/tbp/logo.gif.png] John Ainsworth  - IT Manager
01942 868097  (extension 1105)  07733 323091
[http://www.thebookpeople.co.uk/images/emails/imreading.gif]
[http://images.thebookpeople.co.uk/images/books/small/AEYRF.jpg] ASH
James Herbert [http://www.thebookpeople.co.uk/images/emails/emailBuyNowButton.jpg] 
<http://www.thebookpeople.co.uk/webapp/wcs/stores/servlet/qs_searchResult_tbp?storeId=10001&catalogId=10051&langId=100&pageSize=20&pageNumber=0&searchTerm=AEYRF>
This Email and any attachments to it may be confidential and are intended solely for the use of the individual to whom 
it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those 
of The Book People Limited. If you are not the intended recipient of this email, you must neither take any action based 
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email 
in error.


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: