Snort mailing list archives
Question about rule numbers and Syslog
From: "Truax, Shawn (MBS)" <Shawn.Truax () mbs gov on ca>
Date: Mon, 25 Oct 2004 13:10:45 -0400

When you receive a syslog message from Snort it gives a rule number of #:###:#. For example 1:255:8 is DNS Zone Transfer TCP. I know that the middle number is the sid for the rule. My question is what are the other 2 numbers, where do they come from and are they in the acid database anywhere.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario M5H 3B7
(416)327-1107