Snort mailing list archives
Re: event id = 0 on all unified2 events
From: Jeremy Hoel <jthoel () gmail com>
Date: Thu, 6 Feb 2014 18:25:32 +0000
The first comment you'll get is that 2.9.4 is End of Life and it will be recommended that you upgrade to a more recently supported version before any other help is probably given. That's 2.9.5.6 or 2.9.6.0.

On Thu, Feb 6, 2014 at 12:56 PM, Eugenio Pérez <eupm90 () gmail com> wrote:
Hi everyone.

I've just installed snort and I'm seeing that all events in the unified2 file have the event id field set to 0. I've checked the rules, and they all have a sid != 0, and I've configured the snort.conf unified output plugin like this:

    output unified2: filename snort.log, limit 128

The same snort installation runs fine on other machines. So, under what circumstances is this field set to 0? Where should I look to get the event id field filled?

BTW, I'm using the snort version 2.9.4.0.

Thanks in advance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
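A way to confirm the symptom described in the thread directly from the unified2 file, as an added example that is not part of the original messages or of Snort itself: it walks the record headers and reports how many event records carry event_id 0 and for which gid/sid pairs. The names iter_events and summarize are hypothetical, and SAMPLE is a constructed byte string rather than real sensor output.

```python
import io
import struct

# unified2 record types that carry an IDS event (legacy IPv4/IPv6 and VLAN/MPLS variants)
EVENT_TYPES = {7, 72, 104, 105}
HEADER = struct.Struct(">II")        # record type, body length (network byte order)
EVENT_PREFIX = struct.Struct(">7I")  # sensor_id, event_id, sec, usec, sid, gid, rev

def iter_events(stream):
    """Yield (event_id, gid, sid, rev) for each event record in a unified2 stream."""
    while True:
        hdr = stream.read(HEADER.size)
        if len(hdr) < HEADER.size:
            return  # end of file, or a header that is still being written
        rtype, length = HEADER.unpack(hdr)
        body = stream.read(length)
        if len(body) < length:
            return  # truncated record: the sensor had not finished writing it
        if rtype in EVENT_TYPES and length >= EVENT_PREFIX.size:
            _, event_id, _, _, sid, gid, rev = EVENT_PREFIX.unpack_from(body)
            yield event_id, gid, sid, rev

def summarize(stream):
    """Count event records and those whose event_id field is 0."""
    total = zero = 0
    sigs = set()
    for event_id, gid, sid, _rev in iter_events(stream):
        total += 1
        if event_id == 0:
            zero += 1
            sigs.add((gid, sid))
    return {"events": total, "zero_event_id": zero, "zero_sigs": sorted(sigs)}

def _record(rtype, event_id, sid):
    # Constructed 52-byte legacy event body: 9 uint32, 2 IPv4 addresses, 2 ports, 4 bytes
    body = struct.pack(">9I4s4sHH4B", 0, event_id, 1391709332, 0, sid, 1, 1, 0, 3,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 1234, 80, 6, 0, 0, 0)
    return HEADER.pack(rtype, len(body)) + body

# Constructed sample: event with id 0, a non-event record that is skipped, event with id 2
SAMPLE = _record(7, 0, 1000001) + HEADER.pack(2, 4) + b"\x00" * 4 + _record(7, 2, 1000002)

if __name__ == "__main__":
    print(summarize(io.BytesIO(SAMPLE)))
```

To run it against a real sensor file, open the file in binary mode and pass the handle to summarize in place of the BytesIO sample.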