Snort mailing list archives

U2 growing rapidly in size, by2 errors regarding event microsecond and revision [0]


From: Matt Condon <matty_condon () hotmail com>
Date: Fri, 21 Apr 2017 03:40:22 +0000

Hey list, turns out my aging Snort setup is giving me problems. It was not outputting to the db, so I checked the sensor. By2 was giving errors along the lines of:

"Current event with Event_id [32477] Event Second: 1.263736728 microsecond and signature id of [4165425152] was logged with a revision of (0)"

Could not find that sigid anywhere in rules file, sidmsg.map or db. Event id did exist in db but was dated a long time ago.


In addition to this I had something like 100 u2 files. Upon restarting Snort it seemed u2 files were filling up within minutes; usually a u2 file will stay around a MB or so, I thought, and was parsed out by the by2.

I'm not sure if the two issues are related but I would guess they are.

Anyone experienced anything like this?

Sent from my iPhone