[Snort-users] novice question: logs
jsage at ...2022...
Sat Jan 12 16:24:02 EST 2002
It was really quite puzzling to have, as I said, at least a bazillion
hits on "ID 702911" (I'm not exaggerating! at *least* a bazillion!) but
no one seeming to be paying any attention to what that was, itself.
The focus of all the posts was actually on other stuff...
An interesting example of how a search engine can find a lot of what you
asked about, but still not answer your question ;-)
Erek Adams wrote:
> On Fri, 11 Jan 2002, John Sage wrote:
>>The "ID 702911 daemon.error" has me a little puzzled.
>>"daemon.error" is from the klogd/syslogd logging process, and is
>>"ID 702911" shows up on a bazillion Google search hits, but none of them
>>explain **what** its significance is...
> From the Solaris syslogd man pages:
> Example 2: syslogd output with ID generation enabled when
> writing to log file /var/adm/messages
> The following example shows the output from syslogd when
> message ID generation is enabled. Note that the message ID
> is displayed when writing to log file /var/adm/messages.
> Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system
> The ID is a message identifier. Solaris 7 MU4 (or was it MU3) turned on that
> 'feature' by default. It really gave our syslog parsing scripts a headache
> till we realized what/where it was coming from.
> Hope that helps!
> Erek Adams
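
Added example, not part of the original thread or of Snort: a small Python parser that accepts syslog lines with or without the Solaris "[ID nnnnnn facility.level]" tag described above, so the same script works on both formats. The function name and all sample lines except the man page one are constructed for illustration.

```python
import re

# Classic syslog line: "Mon DD HH:MM:SS host tag[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<rest>.*)$"
)
# Solaris message-ID prefix, e.g. "[ID 845546 kern.notice] "
MSGID_RE = re.compile(
    r"^\[ID (?P<msgid>\d+) (?P<facility>[a-z0-9]+)\.(?P<level>[a-z]+)\] ?"
)


def parse_syslog_line(line):
    """Return a dict of fields, or None if the line is not syslog-shaped."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest")
    tag = MSGID_RE.match(rest)
    if tag:
        # Message ID generation enabled: lift the tag out of the message text
        rec.update(tag.groupdict())
        rest = rest[tag.end():]
    else:
        # No tag (ID generation off, or a non-Solaris syslogd)
        rec.update(msgid=None, facility=None, level=None)
    rec["message"] = rest
    return rec


SAMPLES = [
    # Line from the man page excerpt quoted in the thread
    "Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice] alloc /: file system",
    # Constructed lines: same alert with and without the ID tag
    "Jan 11 09:15:02 sensor1 snort: [ID 702911 daemon.error] sample alert text",
    "Jan 11 09:15:02 sensor1 snort[412]: sample alert text",
    # Constructed: message starts with "[" but is not an ID tag
    "Jan 11 09:15:03 sensor1 snort: [**] sample alert text [**]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_syslog_line(s))
```

A script that keys on the message text should read the "message" field, which is the same whether or not the ID tag is present.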