[Snort-devel] Problem with latest ruleset?

Keith McDuffee keith.mcduffee at ...209...
Wed Jan 17 17:16:34 EST 2001


I'm seeing a LOT of messages in my log files that look like the following:

Jan 16 15:12:45 host0 snort[10629]: ALERT: 204.60.171.10:9426 -> 192.168.1.104:80
Jan 16 15:12:47 host0 snort[10629]: ALERT: 204.60.171.10:9493 -> 192.168.1.104:80

What confuses me is that there are no details associated with the "ALERT", so
I have no idea what rule this is matching to. I noticed in "log.c" that this
happens when a rule is matched that does not have a msg attribute attached
to it. I scoured the rules I have, and I can find nothing without a msg
attribute.

This is using the latest full ruleset supplied by snort.org, running on
snort 1.7 on OpenBSD 2.6.  This does not happen with the previous ruleset
from December 2K.

Any help greatly appreciated!
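
Added example, not part of the original post and not Snort project code: a small Python check that lists every rule in a rules file that has no msg option, including rules with no option list at all and rules continued across lines with a trailing backslash. The list of action keywords and the sample rules are assumptions constructed for illustration.

```python
import re

# Keywords that start a rule line (assumed set of Snort 1.x actions).
ACTIONS = ("alert", "log", "pass", "activate", "dynamic")

# Constructed sample rules, not taken from the ruleset in the post.
SAMPLE_RULES = r'''
# comment
var HOME_NET 192.168.1.0/24
alert tcp any any -> $HOME_NET 80 (msg:"WEB test"; content:"/cgi-bin/"; )
alert tcp any any -> $HOME_NET 80 (content:"/scripts/"; flags:PA; )
alert tcp any any -> $HOME_NET 80
alert tcp any any -> $HOME_NET 21 (content:"msg:"; \
    flags:PA; )
alert tcp any any -> $HOME_NET 23 ( msg : "TELNET test"; \
    content:"login"; )
'''

def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def has_msg(options):
    """True if the option list has a msg keyword outside quoted strings."""
    unquoted = re.sub(r'"(?:\\.|[^"\\])*"', '""', options)
    return any(opt.split(":", 1)[0].strip() == "msg"
               for opt in unquoted.split(";"))

def rules_without_msg(text):
    """Return [(line_number, rule)] for rules that carry no msg option."""
    hits = []
    for n, line in logical_lines(text):
        s = line.strip()
        if not s or s.startswith("#") or s.split()[0] not in ACTIONS:
            continue  # blank line, comment, var/include/preprocessor, etc.
        m = re.search(r"\((.*)\)\s*$", s)
        if m is None or not has_msg(m.group(1)):
            hits.append((n, s))
    return hits
```

To check a real file, pass its contents to rules_without_msg(); files pulled in through include lines have to be checked separately.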






