[Snort-users] Unknown Sig Name ???

roman at ...438... roman at ...438...
Thu Oct 11 12:54:13 EDT 2001


A couple of questions to further understand the situation:

- What version of ACID?
- What version of the DB schema?
- Do all signatures appear with the "Unknown Sig Name" string?

Log into the database and run these queries:

- In the database, check for any rows in the event tables which
have a signature = 0?
(SELECT * FROM event WHERE signature = 0)
- Check if there are any rows in the event table whose signature field
is not a valid key in the signature table (i.e. not a valid sig_id)

(SELECT DISTINCT signature FROM event;
  SELECT DISTINCT sig_id FROM signature;

  compare these lists)


> Hash: SHA1
> Can anybody give me some clues on how to debug this message I am getting in
> acid? Is it a problem with classification.config? I am running snort 1.8.1 on
> one box with a local mysql database and snort1.8.1 on another box which is
> logging alerts to the first boxen's database. Thanks in advance...
> Scott Duncan
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> iD8DBQE7xKvvk2DKE9dAYTcRAkSOAKCHlO3xEuF8+Pfv5OSnnWuETj2+lwCeKuDI
> zCMirnrbE5bYtKyQcyGGmEQ=
> =saqf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

This message was sent using Voicenet WebMail.

More information about the Snort-users mailing list