[Snort-users] novice question: logs

Erek Adams erek at ...577...
Sat Jan 12 09:03:08 EST 2002

On Fri, 11 Jan 2002, John Sage wrote:

> Justin:
> You don't say what version snort/what OS platform you're running (which
> can sometimes be helpful..) but the only place I find the string "ICMP
> Unreachable IP short header" anywhere in the files of snort 1.8.2 build
> 86 on Linux is within decode.c

If I were to take a wild, flying guess, I'd say Solaris 7 MU4.

[...nice explanation snipped...]

> The "ID 702911 daemon.error" has me a little puzzled.
> "daemon.error" is from the klogd/syslogd logging process, and is
> facility.priority
> "ID 702911" shows up on a bazillion Google search hits, but none of them
> explain **what** its significance is...

