[Snort-sigs] Sig_reference table issue

shekhar $on! rajnish.soni89 at ...2420...
Fri Nov 18 08:33:02 EST 2016


Hi All,

To add more on this issue, I tested further and found that whenever any
rule matches, this type of alert gets generated for that gid and sid.

INFO [dbProcessSignatureInformation()]: [Event: 59] with [gid: 1] [sid:
10009003] [rev: 1] [classification: 0] [priority: 0]
         was not found in barnyard2 signature cache, this could lead to
display inconsistency.
         To prevent this warning, make sure that your sid-msg.map and
gen-msg.map file are up to date with the snort process logging to the spool
file.
         The new inserted signature will not have its information present
in the sig_reference table.
         Note that the message inserted in the signature table will be
snort default message "Snort Alert [gid:sid:revision]"
         You can always update the message via a SQL query if you want it
to be displayed correctly by your favorite interface


Due to this, my BASE is not showing the proper signature name, and the number
of such events in the signature table keeps increasing.

Could someone please reply, as I have an urgent delivery pending due to this
error.

On Fri, Nov 18, 2016 at 2:14 PM, shekhar $on! <rajnish.soni89 at ...2420...>
wrote:

> Hi All,
>
> My sig_reference table is not updating with the signature name. It's showing
> the default Snort Alert instead of the signature name. Can someone help me here?
>
> | 154975 | Snort Alert [116:412:1] |          181 |            3 |       1 |     412 |     116 |
> | 154976 | Snort Alert [116:414:1] |          181 |            3 |       1 |     414 |     116 |
> | 154977 | Snort Alert [122:23:1]  |          156 |            2 |       1 |      23 |     122 |
> | 154978 | Snort Alert [116:408:1] |          181 |            3 |       1 |     408 |     116 |
> | 154979 | Snort Alert [116:431:1] |          181 |            3 |       1 |     431 |     116 |
> | 154980 | Snort Alert [122:24:1]  |          156 |            2 |       1 |      24 |     122 |
> | 154981 | Snort Alert [129:12:1]  |          155 |            2 |       1 |      12 |     129 |
> | 154982 | Snort Alert [1:1917:15] |          175 |            3 |      15 |    1917 |       1 |
> | 154983 | Snort Alert [1:24303:6] |          181 |            3 |       6 |   24303 |       1 |
> | 154984 | Snort Alert [116:6:1]   |          178 |            3 |       1 |       6 |     116 |
> | 154985 | Snort Alert [129:15:1]  |          155 |            2 |       1 |      15 |     129 |
> | 154986 | Snort Alert [122:22:1]  |          156 |            2 |       1 |      22 |     122 |
> | 154987 | Snort Alert [122:21:1]  |          156 |            2 |       1 |      21 |     122 |
> | 154988 | Snort Alert [128:4:1]   |          177 |            2 |       1 |       4 |     128 |
> | 154989 | Snort Alert [116:445:1] |          155 |            2 |       1 |     445 |     116 |
> | 154990 | Snort Alert [1:2329:14] |          161 |            1 |      14 |    2329 |       1 |
> +--------+-------------------------+--------------+--------------+---------+---------+---------+
>
>
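
Added example, not part of the original thread or of barnyard2: a Python check that takes the `Snort Alert [gid:sid:rev]` placeholder names from the signature table and reports which of them can be resolved from sid-msg.map and gen-msg.map and which are absent from both, the condition the barnyard2 warning describes. It assumes the version 1 `sid || msg || ref` layout for sid-msg.map (treated as gid 1) and `gid || sid || msg` for gen-msg.map; the map contents and message texts below are constructed sample data.

```python
import re

# Name barnyard2 stores when a signature is not in its cache.
PLACEHOLDER = re.compile(r"Snort Alert \[(\d+):(\d+):(\d+)\]")

# Constructed sample data; on a sensor, read the real files instead.
SID_MSG_MAP = "# sid || msg || ref\n1917 || constructed message A || url,example.invalid\n"
GEN_MSG_MAP = "# gid || sid || msg\n116 || 412 || constructed message B\n"
SIG_NAMES = ["Snort Alert [116:412:1]", "Snort Alert [1:1917:15]",
             "Snort Alert [1:10009003:1]", "Snort Alert [122:23:1]"]

def parse_map(text, gen_map=False):
    """Return {(gid, sid): msg} from sid-msg.map (v1) or gen-msg.map text."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        try:
            if gen_map:   # gid || sid || msg
                gid, sid, msg = int(fields[0]), int(fields[1]), fields[2]
            else:         # sid || msg [|| ref ...]; assumption: gid is 1
                gid, sid, msg = 1, int(fields[0]), fields[1]
        except (ValueError, IndexError):
            continue      # skip malformed lines rather than abort
        known[(gid, sid)] = msg
    return known

def resolve(sig_names, known):
    """Split placeholder names into (resolvable, missing) by map lookup."""
    resolvable, missing = {}, []
    for name in sig_names:
        m = PLACEHOLDER.fullmatch(name.strip())
        if not m:
            continue      # already has a real name
        gid, sid, _rev = map(int, m.groups())
        if (gid, sid) in known:
            resolvable[(gid, sid)] = known[(gid, sid)]
        else:
            missing.append((gid, sid))
    return resolvable, missing

if __name__ == "__main__":
    known = {**parse_map(SID_MSG_MAP), **parse_map(GEN_MSG_MAP, gen_map=True)}
    ok, missing = resolve(SIG_NAMES, known)
    print("resolvable from maps:", ok)
    print("missing from both maps:", missing)
```

Entries reported as missing are the ones barnyard2 will keep inserting under the default name until the map files it loads contain them.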