Snort mailing list archives
U2 growing rapidly in size, by2 errors regarding event microsecond and revision [0]
From: Matt Condon <matty_condon () hotmail com>
Date: Fri, 21 Apr 2017 03:40:22 +0000
Hey list, turns out my aging snort setup is giving me problems, was not outputting to db so I checked the sensor. By2 was giving errors along the lines of:

"Current event with Event_id [32477] Event Second: 1.263736728 microsecond and signature id of [4165425152] was logged with a revision of (0)"

Could not find that sigid anywhere in rules file, sidmsg.map or db. Event id did exist in db but was dated a long time ago.

In addition to this I had something like 100 u2 files - upon restarting snort it seemed u2 files were filling up within minutes, usually a u2 file will stay around a MB or so I thought and was parsed out by the by2.

I'm not sure if the two issues are related but I would guess they are. Anyone experienced anything like this?