[Snort-users] ALERT in logs

Martin Roesch roesch at ...421...
Wed Sep 13 12:24:02 EDT 2000


If there's an alert rule that doesn't have a "msg" keyword in it, the default
message is "ALERT".  It sounds like that's what you're seeing.  Do you have
any custom rules?

    -Marty


"Helio Coelho Jr. - CompuLand ISP Admin" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi:
> 
>   I've been using snort for a while and it's very nice and useful.
> 
>   One question: I'm using snort_stat.pl to look at the logfiles.
> Every day I see several entries that have ALERT in the description
> of the attack/probe. All of them are directed to our irc server.
> But in the rules there's no entry pointing to the common irc port, nor
> that 'ALERT' definition. So I suppose it's in the code. Does this
> ALERT message mean something else - can I safely ignore it and
> how can I block that message from appearing in the logs?
> 
> Best Regards,
> Helio.
> 
> - --
> CompuLand ISP Admin
> GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
> - --
> A little suffering is good for the soul.
>                 -- Kirk, "The Corbomite Maneuver", stardate 1514.0
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iD8DBQE5v5qts4JCXSskkw8RAtW+AKCDSsAC1UOBe3/W2O7CMitjkEeopACffdUn
> zSVR0YMe4KGIKNjASnmyCEY=
> =5zQ/
> -----END PGP SIGNATURE-----

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
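
The reply above says an alert rule with no "msg" keyword is logged with the default message "ALERT". As an added example (not from this thread or the Snort project), here is one way to find such rules in a rules file; the sample rules, addresses and function names are constructed for illustration, and it assumes options sit in a trailing (...) body separated by ';'.

```python
import re

# Constructed sample rules file (not from the original thread).
SAMPLE_RULES = r'''
# local.rules (constructed sample)
alert tcp any any -> 192.0.2.10 80 (msg:"WEB probe"; content:"/cgi-bin/phf";)
alert tcp any any -> 192.0.2.0/24 6000:7000 (flags: S;)
log udp any any -> 192.0.2.0/24 53
alert tcp any any -> 192.0.2.20 25 \
    (content:"msg: hello"; flags: PA;)
'''

def logical_lines(text):
    """Yield (first_line_number, rule), joining '\\' continuations, skipping comments."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()

def option_names(rule):
    """Return the option keywords of a rule, splitting on ';' outside quotes."""
    m = re.search(r"\((.*)\)\s*$", rule)
    if not m:
        return []          # rule has no option body at all
    names, cur, quoted, prev = [], "", False, ""
    for ch in m.group(1):
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == ";" and not quoted:
            names.append(cur.split(":", 1)[0].strip().lower())
            cur = ""
        else:
            cur += ch
        prev = ch
    return [n for n in names if n]

def alerts_without_msg(text):
    """Alert rules that would be logged with the default "ALERT" message."""
    return [(n, rule) for n, rule in logical_lines(text)
            if rule.split()[:1] == ["alert"] and "msg" not in option_names(rule)]

if __name__ == "__main__":
    for n, rule in alerts_without_msg(SAMPLE_RULES):
        print(f"line {n}: no msg option -> logged as ALERT: {rule}")
```

Each reported rule can then be given a descriptive msg option so its entries are identifiable in the logs.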