[Snort-sigs] Explain unified2 Output

sumitkamboj88 at ...2420...
Fri May 31 00:26:36 EDT 2013


Hello,
Below is the output of a Snort log using unified2.


(IPv6 Event)
    sensor id: 0    event id: 7    event second: 1369738500    event microsecond: 659058
    sig id: 1000008    gen id: 1    revision: 1     classification: 9
    priority: 1    ip source: X:X:X:X::X    ip destination: X:X:X:X::X
    src port: 21    dest port: 38469    protocol: 6    impact_flag: 0    blocked: 0

Packet
    sensor id: 0    event id: 7    event second: 1369738500
    packet second: 1369738500    packet microsecond: 659058
    linktype: 1    packet_length: 108
[    0] 08 00 27 F5 8B BF 0A 00 27 00 00 00 86 DD 60 00  ..'.....'.....`.
[   16] 00 00 00 36 06 FE 20 01 0D B8 00 00 F1 02 00 00  ...6.. .........
[   32] 00 00 00 00 00 02 20 01 0D B8 00 00 F1 01 00 00  ...... .........
[   48] 00 00 00 00 00 02 00 15 96 45 74 80 B9 1E 05 AD  .........Et.....
[   64] E7 62 80 18 06 F9 20 5A 00 00 01 01 08 0A 00 20  .b.... Z.......
[   80] FE CD 00 21 B4 80 35 33 30 20 4C 6F 67 69 6E 20  ...!..530 Login
[   96] 69 6E 63 6F 72 72 65 63 74 2E 0D 0A              incorrect...


I do not have any clue about event second and event microsecond. Can anyone
explain what these two represent? Is it a combination of year, month,
day, hour, second or anything else? Please help me understand both.

-- 
Warm Regards
Sumit Kumar
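
An added example, not part of the original post: unified2 stores the event time as seconds since the Unix epoch (event second) plus a microsecond fraction (event microsecond), so the two fields combine into one UTC timestamp. The sketch below converts the values from the record above and decodes the Ethernet/IPv6/TCP headers of the dumped packet to cross-check the event's ports and protocol; the function names are illustrative.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# Field values copied from the event record in the post above.
EVENT_SECOND, EVENT_MICROSECOND = 1369738500, 659058

# Packet bytes copied from the hex dump in the post above (packet_length: 108).
PACKET = bytes.fromhex("".join("""
08 00 27 F5 8B BF 0A 00 27 00 00 00 86 DD 60 00
00 00 00 36 06 FE 20 01 0D B8 00 00 F1 02 00 00
00 00 00 00 00 02 20 01 0D B8 00 00 F1 01 00 00
00 00 00 00 00 02 00 15 96 45 74 80 B9 1E 05 AD
E7 62 80 18 06 F9 20 5A 00 00 01 01 08 0A 00 20
FE CD 00 21 B4 80 35 33 30 20 4C 6F 67 69 6E 20
69 6E 63 6F 72 72 65 63 74 2E 0D 0A
""".split()))

def event_time(second, microsecond):
    """Combine event second (Unix epoch) and event microsecond into UTC."""
    base = datetime.fromtimestamp(second, tz=timezone.utc)
    return base.replace(microsecond=microsecond)

def decode_packet(raw):
    """Decode Ethernet II / IPv6 / TCP (linktype 1, no extension headers)."""
    (ethertype,) = struct.unpack_from("!H", raw, 12)
    if ethertype != 0x86DD:
        raise ValueError("not an IPv6 frame")
    payload_len, next_header = struct.unpack_from("!HB", raw, 14 + 4)
    if next_header != 6:
        raise ValueError("next header is not TCP")
    tcp = 14 + 40                      # Ethernet + fixed IPv6 header
    sport, dport = struct.unpack_from("!HH", raw, tcp)
    header_len = (raw[tcp + 12] >> 4) * 4   # TCP data offset in bytes
    return {
        "src": str(ipaddress.IPv6Address(raw[22:38])),
        "dst": str(ipaddress.IPv6Address(raw[38:54])),
        "protocol": next_header,
        "ipv6_payload_len": payload_len,
        "sport": sport,
        "dport": dport,
        "payload": raw[tcp + header_len:],
    }

if __name__ == "__main__":
    print(event_time(EVENT_SECOND, EVENT_MICROSECOND).isoformat())
    for key, value in decode_packet(PACKET).items():
        print(f"{key}: {value}")
```
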