[Snort-users] Acid and Sensor ID's

Ian Macdonald secsnort at ...5528...
Mon Jul 29 10:55:03 EDT 2002


I was having a similar problem. I switched on SQL logging and then watched the
exact commands that were being run, found the one that matches the query for
the sensor ID, and noticed that some of the entries didn't match exactly,
which is why I got a new SID. If your network device changes or your sensor
name changes then it will change the SID.

Ian
----- Original Message -----
From: "Hall, Duane" <Duane.Hall at ...4888...>
To: "Snort Userslist" <snort-users at lists.sourceforge.net>
Sent: Monday, July 29, 2002 11:47 AM
Subject: [Snort-users] Acid and Sensor ID's


> I had to reboot a sensor over the weekend and now the sensor number in
> ACID has changed.  Now the alerts are not logging correctly.  Any ideas?
>
> Duane
>
> Duane Hall
> Security Administrator
> Hastings Entertainment
> 806-351-2300 x-3945
> Duane.Hall at ...4888...
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GIT d+ s:- a- C+ UL++ P+ L++ E--- W++ N++ o K- w---
> O- M-- V-- PS PE Y PGP t++ 5 X R- tv+ b+ DI++ D+
> G e+ h---- r+++ y++++
> ------END GEEK CODE BLOCK------
>
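
Added example, not part of the original thread: two queries an administrator could run against the Snort database to see the old and new sensor rows side by side after a SID change like the one described above. The table and column names (`sensor.sid`, `hostname`, `interface`, `filter`, `event.sid`, `cid`, `timestamp`) are assumed from the stock Snort database schema and should be checked against the installed version.

```sql
-- Assumption: stock Snort schema with tables `sensor` and `event`.

-- 1. Every sensor row with its event count and active time window.
--    After an unexpected SID change the same host shows up twice:
--    the old row stops receiving events where the new row starts.
SELECT s.sid,
       s.hostname,
       s.interface,
       s.filter,
       COUNT(e.cid)     AS events,
       MIN(e.timestamp) AS first_event,
       MAX(e.timestamp) AS last_event
FROM sensor s
LEFT JOIN event e ON e.sid = s.sid
GROUP BY s.sid, s.hostname, s.interface, s.filter
ORDER BY s.hostname, s.sid;

-- 2. Hostnames registered under more than one SID, i.e. sensors whose
--    identifying fields (for example the interface) no longer matched
--    the existing row, so a new row was created.
SELECT hostname,
       COUNT(*) AS sensor_rows
FROM sensor
GROUP BY hostname
HAVING COUNT(*) > 1;
```

Comparing the `interface` and `filter` values of the two rows for one hostname shows which field differed when the sensor came back up.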




