[Snort-sigs] snort snort don't recognize plugin sid set by me

Daniel Lopez danilogo1991 at ...2420...
Thu May 14 18:26:34 EDT 2015


Hi
I created a new rule for snort with the following sid:10001
i recieve alerts trigered by this rule in OSSIM web interface but it
appears as Generic event. When i open the event detail window i find the
event type id is changed to 2000000000 and payload contains [Unknown plugin
sid: 10001].....

Problem is that i can't differentiate between alerts triggered by rules
created by me in a correlation directive.
How can i set a proper name for the rule rather than Generic Event?
How can i make the system to reconize event type set by me?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150515/748b5314/attachment.html>


More information about the Snort-sigs mailing list