Snort mailing list archives
Re: [Snort-sigs] Snort Alert [1:1411:0] ) (etc) alerts
From: Jens Krabbenhoeft <tschenz-snort-sigs () noris net>
Date: Thu, 5 Dec 2002 20:30:17 +0100
Michael,
[1:1411:0]" (etc) alerts in my database database and I wonder if they are because Snort and Barnyard is not in sync or that because I use tagging?
It's when barnyard is using a sid-msg.map file where the alert (1411) is not defined. So it's a sync-problem between your rules and die sid-msg.map. HTH, Jens ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Alert [1:1411:0] ) (etc) alerts Michael Boman (Dec 05)
- Re: [Snort-sigs] Snort Alert [1:1411:0] ) (etc) alerts Jens Krabbenhoeft (Dec 09)