[Snort-users] About IDMEF XML

lucy lee kidlucy88 at ...131...
Sun Apr 13 19:15:05 EDT 2003


Hi,
  I run snort (snort-1.9.0-idmef-1.1) in debug mode
and get these messages:
 IDMEF: IDMEF output facility = alert
 IDMEF: IDMEF XML dtd = idmef-message.dtd
 IDMEF: IDMEF analyzerid = IDS1
 IDMEF: Indented output: true
 IDMEF: IDS alert_id file = /var/log/alert_id_num
 IDMEF: Done parsing args
 getStoredAlertID: Stored alert ID not found in /var/log/alert_id_num, continuing with alert ID = 1
 idmef: No stored alert id.  Continuing with alert id = 1
!!!!!!!1334 Snort rules read...
1334 Option Chains linked into 147 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order:
->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch at ...1935..., www.snort.org)
IDMEF(): Unknown caller type, returning
IDMEF(): Unknown caller type, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
Segmentation fault
  Now alert_id_number has grown (in /var/log), while
alert_id_num is empty. idmef-messages.log is empty
too.
  What am I doing wrong?
  BTW, I configured snort with the options --enable-idmef
--enable-debug --with-libxml2-includes=dir1
--with-libidmef-includes=dir2
--with-libntp-libraries=dir3
      and configured libidmef with the options --enable-debug
--with-libxml2-includes=dir1.
      The rules were modified by append_idmef.pl (provided
by idmef-xml-plugin-0.2.2.tar.gz).
     Any reply is welcome and appreciated.

Lucy
