Snort mailing list archives
Re: BASE is showing "Snort Alert" and sid instead of the message field.
From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Tue, 19 Sep 2017 16:50:23 +0000
It's a preprocessor rule:

ALLEWI-M-8257:~ allewi$ less /var/tmp/snort-2.9.9.0-released/preproc_rules/preprocessor.rules | grep 120 | grep "sid: 3"
alert ( msg: "HI_SERVER_NO_CONTLEN"; sid: 3; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
ALLEWI-M-8257:~ allewi$

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of William Pearson <william () cnsp net>
Date: Tuesday, September 19, 2017 at 12:43 PM
To: "Snort-users () lists snort org" <Snort-users () lists snort org>
Subject: [Snort-users] BASE is showing "Snort Alert" and sid instead of the message field.

[snort<http://www.snort.org/search/sid/120-3>] Snort Alert [120:3:1]

Any help in having it show the message field instead would be helpful. Not sure why it's doing that.

Will
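An added example, not part of the thread and not Snort or BASE code: it resolves a label such as "Snort Alert [120:3:1]" to its msg by parsing the gid, sid and rev options exactly, where the substring pipeline in the reply would also return commented-out rules, sid 30, or a rule that merely contains "120". The function names are hypothetical, and the sample text is constructed apart from the one rule quoted in the reply.

```python
import re

# Constructed sample in preprocessor.rules style. The first rule is the one
# quoted in the reply; the other three lines are constructed decoys.
SAMPLE_RULES = """\
alert ( msg: "HI_SERVER_NO_CONTLEN"; sid: 3; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "CONSTRUCTED_DECOY_SID_30"; sid: 30; gid: 120; rev: 1; classtype:unknown; )
# alert ( msg: "CONSTRUCTED_DECOY_COMMENTED"; sid: 3; gid: 120; rev: 9; )
alert ( msg: "CONSTRUCTED_DECOY_GID_119 not 120"; sid: 3; gid: 119; rev: 1; classtype:unknown; )
"""

OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*?)\s*;')
LABEL_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")

def parse_rule(line):
    """Return one active rule's options as a dict, or None for other lines."""
    line = line.strip()
    start, end = line.find("("), line.rfind(")")
    if line.startswith("#") or start < 0 or end < start:
        return None
    opts = {}
    for key, val in OPTION_RE.findall(line[start + 1:end]):
        opts.setdefault(key, val.strip().strip('"'))
    return opts

def build_index(text):
    """Index rules by (gid, sid); a rule without a gid option is gid 1."""
    index = {}
    for line in text.splitlines():
        opts = parse_rule(line)
        if opts and "sid" in opts:
            index[(int(opts.get("gid", 1)), int(opts["sid"]))] = opts
    return index

def resolve_label(label, index):
    """Map a label like 'Snort Alert [120:3:1]' to (msg, rev_matches) or None."""
    m = LABEL_RE.search(label)
    if not m:
        return None
    gid, sid, rev = map(int, m.groups())
    rule = index.get((gid, sid))
    return (rule.get("msg"), int(rule.get("rev", 0)) == rev) if rule else None

def loose_grep(text, gid, sid):
    """Lines that the substring pipeline (grep gid | grep "sid: N") returns."""
    return [l for l in text.splitlines() if str(gid) in l and f"sid: {sid}" in l]

if __name__ == "__main__":
    print(resolve_label("Snort Alert [120:3:1]", build_index(SAMPLE_RULES)))
```

The second element of the result is False when the rule file's rev differs from the rev in the label, which is a useful hint that the sensor and the lookup are using different rule versions.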