Snort mailing list archives

event id = 0 on all unified2 events


From: Eugenio Pérez <eupm90 () gmail com>
Date: Thu, 6 Feb 2014 13:56:50 +0100

Hi everyone.

I've just installed snort and I'm seeing that all events in the unified2
file have the event id field set to 0.

I've checked the rules, and they all have a sid != 0, and I've configured the
snort.conf unified output plugin like this:

output unified2: filename snort.log, limit 128

The same snort installation runs fine on other machines. So, under what
circumstances is this field set to 0? Where should I look to get the event
id field filled?

BTW, I'm using the snort version 2.9.4.0.

Thanks in advance.
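
To check what is actually stored in the unified2 file, independently of whatever tool reads it downstream, here is an added example (not part of the original post and not Snort project code) that walks the records and reports event records whose event id is 0. The record layout follows Snort 2.9's Unified2_common.h; the helper names and the sample bytes are constructed for illustration.

```python
import io
import struct

# Record types that carry an event header (Snort 2.9 Unified2_common.h).
EVENT_TYPES = {7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
               104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN"}
RECORD_HEADER = struct.Struct(">II")  # record type, body length (big-endian)
# All four event types start with the same nine 32-bit fields.
EVENT_PREFIX = struct.Struct(">9I")
PREFIX_NAMES = ("sensor_id", "event_id", "event_second", "event_microsecond",
                "sid", "gid", "rev", "classification_id", "priority_id")

def iter_events(stream):
    """Yield the common header fields of every event record in a unified2 stream."""
    while True:
        header = stream.read(RECORD_HEADER.size)
        if not header:
            return  # clean end of file
        if len(header) < RECORD_HEADER.size:
            raise ValueError("truncated record header")
        rtype, length = RECORD_HEADER.unpack(header)
        body = stream.read(length)
        if len(body) < length:
            raise ValueError("truncated record body")
        if rtype not in EVENT_TYPES:
            continue  # packet (2), extra data (110) and other record types
        if length < EVENT_PREFIX.size:
            raise ValueError("event record shorter than its fixed header")
        fields = dict(zip(PREFIX_NAMES, EVENT_PREFIX.unpack_from(body)))
        fields["type"] = EVENT_TYPES[rtype]
        yield fields

def zero_event_ids(stream):
    """Return (total event records, list of those with event_id == 0)."""
    events = list(iter_events(stream))
    return len(events), [e for e in events if e["event_id"] == 0]

def _ids_event(event_id, sid):  # constructed 52-byte IDS_EVENT body
    body = struct.pack(">11I2H4B", 0, event_id, 1391691410, 0, sid, 1, 1, 0, 3,
                       0x0A000001, 0x0A000002, 40000, 80, 6, 0, 0, 0)
    return RECORD_HEADER.pack(7, len(body)) + body

# Constructed sample: an event with id 0, a packet record, an event with id 1.
_packet = struct.pack(">7I", 0, 1, 1391691410, 1391691410, 0, 1, 4) + b"\x00" * 4
SAMPLE = (_ids_event(0, 2000001) + RECORD_HEADER.pack(2, len(_packet)) + _packet
          + _ids_event(1, 2000002))

if __name__ == "__main__":
    total, zeros = zero_event_ids(io.BytesIO(SAMPLE))
    print(f"{total} events, {len(zeros)} with event_id 0:", zeros)
```

To inspect a real spool file, pass a file object opened in binary mode to zero_event_ids() in place of the constructed sample.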