[Snort-users] barnyard beta 4

Andrew R. Baker andrewb at ...950...
Wed Nov 14 10:24:07 EST 2001


The "Unable to find SID" messages appear when the Signature ID (loaded
from sid-msg.map) for an alert cannot be located.  I would suggest
updating to the CVS version of barnyard and making sure you are running
at least build 84 of snort.

-Andrew


> Neal Timm wrote:
> 
> receiving these error messages when trying to start
> Unable to find SID (1, 2)
> Unable to find SID (1, 2)
> Rotating file [read 2 records from
> /var/log/snort/snort.alert.1004954881]
> Unable to find SID (1, 2)
> Unable to find SID (1, 2)
> Unable to find SID (2, 3)
> Unable to find SID (2, 3)
> Unable to find SID (0, 1004957390)
> Unable to find SID (0, 1004957390)
> Unable to find SID (119221, -210996264)
> 
> Then it seg faults
> Running redhat 7.2 snort version 1.8.2 build 86
> 
> Any help would be appreciated just trying to log it to syslog.




More information about the Snort-users mailing list