[Snort-users] novice question: logs

John Sage jsage at ...2022...
Sat Jan 12 16:24:02 EST 2002


It was really quite puzzling to have, as I said, at least a bazillion 
hits on "ID 702911" (I'm not exaggerating! at *least* a bazillion!) but 
no one seeming to be paying any attention to what that was, itself.

The focus of all the posts was actually on other stuff...

An interesting example of how a search engine can find a lot of what you 
asked about, but still not answer your question ;-)


- John

Erek Adams wrote:

> On Fri, 11 Jan 2002, John Sage wrote:


>>The "ID 702911 daemon.error" has me a little puzzled.
>>"daemon.error" is from the klogd/syslogd logging process, and is
>>"ID 702911" shows up on a bazillion Google search hits, but none of them
>>explain **what** its significance is...
>>From the Solaris syslogd man pages:
> [...snip...]
>      Example 2: syslogd output with ID generation enabled when
>      writing to log file /var/adm/messages
>      The following example shows the output from syslogd when
>      message ID generation is enabled. Note that the message ID
>      is displayed when writing to log file /var/adm/messages.
>       Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system full
> [...snip...]
> The ID is a message identifier.  Solaris 7 MU4 (or was it MU3) turned on that
> 'feature' by default.  It really gave our syslog parsing scripts a headache
> till we realized what/where it was coming from.
> Hope that helps!
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
