[Snort-sigs] Sig_reference table issue

shekhar $on! rajnish.soni89 at ...2420...
Mon Nov 21 01:34:31 EST 2016


Can someone tell me what I have to do to get a response from your side?

On Fri, Nov 18, 2016 at 7:03 PM, shekhar $on! <rajnish.soni89 at ...2420...>
wrote:

> Hi All,
>
> To add more on this issue, I tested further and found that whenever any
> rule matches, this type of alert gets generated for that gid and sid.
>
> INFO [dbProcessSignatureInformation()]: [Event: 59] with [gid: 1] [sid:
> 10009003] [rev: 1] [classification: 0] [priority: 0]
>          was not found in barnyard2 signature cache, this could lead to
> display inconsistency.
>          To prevent this warning, make sure that your sid-msg.map and
> gen-msg.map file are up to date with the snort process logging to the spool
> file.
>          The new inserted signature will not have its information present
> in the sig_reference table.
>          Note that the message inserted in the signature table will be
> snort default message "Snort Alert [gid:sid:revision]"
>          You can always update the message via a SQL query if you want it
> to be displayed correctly by your favorite interface
>
>
> Due to this my BASE is not showing the proper signature name, and the number
> of such events in the signature table gets increased.
>
> Please someone reply, as I have some urgent delivery pending due to this
> error.
>
> On Fri, Nov 18, 2016 at 2:14 PM, shekhar $on! <rajnish.soni89 at ...2420...>
> wrote:
>
>> Hi All,
>>
>> My sig_reference table is not updating with the signature name. It's showing
>> the default Snort Alert instead of the signature name. Can someone help me here?
>>
>> | 154975 | Snort Alert [116:412:1] |  181 |    3 |    1 |   412 |  116 |
>> | 154976 | Snort Alert [116:414:1] |  181 |    3 |    1 |   414 |  116 |
>> | 154977 | Snort Alert [122:23:1]  |  156 |    2 |    1 |    23 |  122 |
>> | 154978 | Snort Alert [116:408:1] |  181 |    3 |    1 |   408 |  116 |
>> | 154979 | Snort Alert [116:431:1] |  181 |    3 |    1 |   431 |  116 |
>> | 154980 | Snort Alert [122:24:1]  |  156 |    2 |    1 |    24 |  122 |
>> | 154981 | Snort Alert [129:12:1]  |  155 |    2 |    1 |    12 |  129 |
>> | 154982 | Snort Alert [1:1917:15] |  175 |    3 |   15 |  1917 |    1 |
>> | 154983 | Snort Alert [1:24303:6] |  181 |    3 |    6 | 24303 |    1 |
>> | 154984 | Snort Alert [116:6:1]   |  178 |    3 |    1 |     6 |  116 |
>> | 154985 | Snort Alert [129:15:1]  |  155 |    2 |    1 |    15 |  129 |
>> | 154986 | Snort Alert [122:22:1]  |  156 |    2 |    1 |    22 |  122 |
>> | 154987 | Snort Alert [122:21:1]  |  156 |    2 |    1 |    21 |  122 |
>> | 154988 | Snort Alert [128:4:1]   |  177 |    2 |    1 |     4 |  128 |
>> | 154989 | Snort Alert [116:445:1] |  155 |    2 |    1 |   445 |  116 |
>> | 154990 | Snort Alert [1:2329:14] |  161 |    1 |   14 |  2329 |    1 |
>> +--------+-------------------------+------+------+------+-------+------+
>>
>>
>
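
The barnyard2 warning quoted above names sid-msg.map and gen-msg.map as the files to check. The following is an added example, not part of the original thread and not barnyard2's own code: it extracts the gid/sid pairs from such warnings and reports which ones have no entry in either map. It assumes the version-1 `sid || msg || refs` layout for sid-msg.map (gid 1 implied) and `gid || sid || msg` for gen-msg.map; the function names are hypothetical and all sample inputs are constructed.

```python
import re

# Constructed sample inputs (not taken from the poster's files).
BARNYARD_LOG = """\
INFO [dbProcessSignatureInformation()]: [Event: 59] with [gid: 1] [sid: 10009003] [rev: 1] [classification: 0] [priority: 0]
INFO [dbProcessSignatureInformation()]: [Event: 60] with [gid: 116] [sid: 412] [rev: 1] [classification: 0] [priority: 0]
INFO [dbProcessSignatureInformation()]: [Event: 61] with [gid: 1] [sid: 1917] [rev: 15] [classification: 0] [priority: 0]
INFO [dbProcessSignatureInformation()]: [Event: 62] with [gid: 122] [sid: 23] [rev: 1] [classification: 0] [priority: 0]
"""
SID_MSG_MAP = """\
# sid || msg || reference ...
1917 || Constructed sample message A || url,example.invalid
"""
GEN_MSG_MAP = """\
# gid || sid || msg
116 || 412 || Constructed sample message B
"""

# \s* tolerates the line wrapping that mail clients add inside the brackets.
ALERT_RE = re.compile(r"\[gid:\s*(\d+)\]\s*\[sid:\s*(\d+)\]")

def load_map(text, key_fields):
    """Parse '||'-separated map text into a set of (gid, sid) keys.

    key_fields=1: sid-msg.map (assumed v1 layout, gid taken as 1).
    key_fields=2: gen-msg.map (gid and sid are the first two fields).
    """
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        ids = fields[:key_fields]
        if len(fields) <= key_fields or not all(i.isdigit() for i in ids):
            continue  # malformed entry: no message field or non-numeric id
        keys.add((1, int(ids[0])) if key_fields == 1 else (int(ids[0]), int(ids[1])))
    return keys

def missing_signatures(log_text, sid_map_text, gen_map_text):
    """Return sorted (gid, sid) pairs seen in warnings but absent from both maps."""
    known = load_map(sid_map_text, 1) | load_map(gen_map_text, 2)
    seen = {(int(g), int(s)) for g, s in ALERT_RE.findall(log_text)}
    return sorted(seen - known)

if __name__ == "__main__":
    for gid, sid in missing_signatures(BARNYARD_LOG, SID_MSG_MAP, GEN_MSG_MAP):
        print(f"no map entry for gid={gid} sid={sid}")
```
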