[Snort-users] Re: [Snort-sigs] Snort Alert [1:1411:0] ) (etc) alerts

Jens Krabbenhoeft tschenz-snort-sigs at ...7018...
Mon Dec 9 08:51:19 EST 2002


Michael,

> [1:1411:0]" (etc) alerts in my database database and I wonder if they are
> because Snort and Barnyard is not in sync or that because I use tagging?

It's when barnyard is using a sid-msg.map file where the alert (1411) is
not defined. So it's a sync-problem between your rules and die
sid-msg.map.

HTH,
	Jens




More information about the Snort-users mailing list