Snort mailing list archives
Re: novice question: logs
From: Erek Adams <erek () theadamsfamily net>
Date: Sat, 12 Jan 2002 09:02:32 -0800 (PST)
On Fri, 11 Jan 2002, John Sage wrote:

> Justin: You don't say what version snort/what OS platform you're running (which can sometimes be helpful..) but the only place I find the string "ICMP Unreachable IP short header" anywhere in the files of snort 1.8.2 build 86 on Linux is within decode.c

If I were to take a wild, flying guess, I'd say Solaris 7 MU4.

[...nice explanation snipped...]

> The "ID 702911 daemon.error" has me a little puzzled. "daemon.error" is from the klogd/syslogd logging process, and is facility.priority. "ID 702911" shows up on a bazillion Google search hits, but none of them explain **what** its significance is...

From the Solaris syslogd man pages:
[...snip...]

Example 2: syslogd output with ID generation enabled when writing to log file /var/adm/messages

The following example shows the output from syslogd when message ID generation is enabled. Note that the message ID is displayed when writing to log file /var/adm/messages.

    Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full

[...snip...]

The ID is a message identifier. Solaris 7 MU4 (or was it MU3) turned on that 'feature' by default. It really gave our syslog parsing scripts a headache till we realized what/where it was coming from.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
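
The parsing problem described in the message above, as an added example that is not part of the original post: a syslog line parser that treats the Solaris "[ID number facility.priority]" tag as optional, so the same script handles hosts with and without message ID generation. The host name "sensor", the timestamps, the pid and the function name are constructed for illustration; only the man page line is taken from the thread.

```python
import re

# Classic syslog line, with the optional Solaris message-ID tag
# "[ID <number> <facility>.<priority>]" between the program tag and the text.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:\[ID (?P<msgid>\d+) (?P<facility>\w+)\.(?P<priority>\w+)\] )?"
    r"(?P<message>.*)$"
)


def parse_syslog_line(line):
    """Return a dict of fields, or None if the line is not syslog-shaped.

    msgid, facility and priority are None when the host does not
    generate message IDs; message never contains the "[ID ...]" tag.
    """
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


# Sample input: line 2 is the man page example quoted in the thread,
# lines 1 and 3 are constructed (with and without ID generation).
SAMPLES = [
    "Jan 11 10:15:02 sensor snort: [ID 702911 daemon.error] ICMP Unreachable IP short header",
    "Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full",
    "Jan 11 10:15:02 sensor snort[412]: ICMP Unreachable IP short header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = parse_syslog_line(sample)
        print(rec["tag"], rec["msgid"], rec["priority"], "|", rec["message"])
```

Because the message text comes out identical in both cases, alert matching on strings such as "ICMP Unreachable IP short header" keeps working when a Solaris update changes the default.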