[Snort-users] Fast Alert Log Format

Bill McCarty bmccarty at ...5196...
Sun Mar 3 22:12:03 EST 2002


I'm writing a program to process lines in Snort's Fast Alert Log. However, 
I can't decipher several of the fields.

Here's a typical log entry:

03/03-22:06:32.396957  [**] [1:300001:1] Service Hunt [**] [Classification: Misc activity] [Priority: 3] {TCP} xxx.xxx.xxx.xxx:40144 -> xxx.xxx.xxx.xxx:21

Can someone tell me what information can appear in the two fields 
containing asterisks? In my logs I find no entry in which they contain 
anything else.

And, can someone tell me the meaning of the number preceding the sid 
(3000001) and the rule revision number?

Thanks!
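A parser for the line layout shown in the post, as an added example that is not part of the original message or of Snort itself. It assumes the fast-alert layout `timestamp  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src[:port] -> dst[:port]`, in which the two `[**]` fields are fixed delimiters and the first number of the bracketed identifier is the generator ID (gid; 1 is the rules engine, other values identify preprocessors and the decoder). Classification, Priority and the port numbers are treated as optional, and the timestamp may carry a year. The sample log lines are constructed, with RFC 5737 documentation addresses in place of the masked ones; the names `FastAlert`, `parse_fast_alert`, `parse_fast_log` and `count_by_rule` are this example's own.

```python
"""Parse Snort "fast" alert log lines into structured records.

Added example; not code from the original post or from Snort. Assumed layout:

    MM/DD[/YY]-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] \
        [Classification: text] [Priority: n] {PROTO} src[:port] -> dst[:port]

Classification, Priority and the ports are optional (ICMP and decoder alerts
carry no ports); the "[**]" fields are fixed delimiters.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<classification>[^\]]+)\]\s*)?"
    r"(?:\[Priority:\s*(?P<priority>\d+)\]\s*)?"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class FastAlert:
    timestamp: str          # kept as text: the default format carries no year
    gid: int                # generator ID: 1 = rules engine, others = preprocessors/decoder
    sid: int                # signature ID within that generator
    rev: int                # rule revision
    msg: str
    classification: Optional[str]
    priority: Optional[int]
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    @property
    def rule_key(self) -> Tuple[int, int, int]:
        return (self.gid, self.sid, self.rev)

    @property
    def from_text_rule(self) -> bool:
        """True when the alert came from a rules-file signature rather than a preprocessor."""
        return self.gid == 1


def parse_fast_alert(line: str) -> FastAlert:
    """Parse one fast-alert line; raise ValueError if it does not fit the layout."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("not a fast alert line: %r" % line)
    g = m.groupdict()
    to_int = lambda v: int(v) if v is not None else None  # noqa: E731
    return FastAlert(
        timestamp=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"], classification=g["classification"], priority=to_int(g["priority"]),
        proto=g["proto"], src=g["src"], sport=to_int(g["sport"]),
        dst=g["dst"], dport=to_int(g["dport"]),
    )


def parse_fast_log(text: str) -> List[FastAlert]:
    """Parse a whole log body, skipping blank lines; malformed lines raise."""
    return [parse_fast_alert(ln) for ln in text.splitlines() if ln.strip()]


def count_by_rule(alerts: List[FastAlert]) -> Dict[Tuple[int, int, int], int]:
    """Tally alerts per (gid, sid, rev), the usual first step when processing the log."""
    return dict(Counter(a.rule_key for a in alerts))


# Constructed sample: the post's line with documentation addresses, an ICMP alert
# without ports, and a decoder-style alert (gid 116) with a year in the timestamp
# and no Classification/Priority fields.
SAMPLE_LOG = """\
03/03-22:06:32.396957  [**] [1:300001:1] Service Hunt [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40144 -> 192.0.2.20:21
03/03-22:07:01.000123  [**] [1:384:4] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20
03/03/02-22:07:05.500000  [**] [116:3:1] (snort_decoder) WARNING: constructed decoder alert [**] {IP} 192.0.2.30 -> 192.0.2.20
"""

if __name__ == "__main__":
    for alert in parse_fast_log(SAMPLE_LOG):
        print(alert.rule_key, "text rule" if alert.from_text_rule else "preprocessor", alert.msg)
    print(count_by_rule(parse_fast_log(SAMPLE_LOG)))
```

Lines that do not match raise rather than being silently skipped, so a change in Snort's output format (or a truncated line from a log rotated mid-write) shows up immediately instead of quietly dropping alerts from the count.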