Re: Snort Alert [1:1000001:1]

[Michael Brown <mike.a.brown09 () gmail com>]

Normally that is created to test snort after you configure and set it up
for the first time.

---
Thank you,

Michael A. Brown
mike.a.brown09 () gmail com
(757) 912-0836
M.S. Forensic Studies: Computer Forensics
B.S. Information Technology: Network Specialist

"The only thing necessary for the triumph of evil is for good men to do
nothing" -Edmund Burke


On Wed, Feb 19, 2014 at 3:24 PM, Jeremy Hoel <jthoel () gmail com> wrote:

> This looks like a custom rule that you wrote ( the SID is not a normal
> one, check local.rules) and the problem is that the sid map didn't get
> updated, probably because you don't run a rule management tool; pulledpork
> for example?
>
>
> On Wed, Feb 19, 2014 at 12:02 PM, Angel Chiriboga Torres <
> angel.chiriboga () e-govsolutions net> wrote:
>
> > Hi everyone,
> >
> >
> >
> > I need your help with a problem with Snort. All the events appear like
> > the following picture.
> >
> >
> >
> >
> >
> > Why events look this way? How I can fix them?
> >
> >
> >
> > Please, I wait your response as soon as possible.
> >
> >
> >
> > Thanks.
> >
> >
> >
> > Regards.
> >
> >
> >
> > --
> >
> > Ángel Chiriboga Torres
> >
> > *IT Security Specialist*
> >
> > *EGOVERMENT SOLUTIONS S.A.*
> >
> > E-mail: *angel.chiriboga () e-govsolutions net
> > <angel.chiriboga () e-govsolutions net>*
> >
> > Web: http://www.e-govsolutions.net
> >
> > Celular: +593-995093859
> >
> > Skype: angelctorres
> >
> >
> >
> > *P* *No imprima este mail a menos que sea absolutamente necesario*
> >
> > *Save a tree, don´t print this e-mail unless it´s really necessary*
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Managing the Performance of Cloud-Based Applications
> > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> > Read the Whitepaper.
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!