[Snort-users] Classification List and numeric values

Snort User snort at ...9544...
Wed Jul 9 16:59:20 EDT 2003


  On a related question on this topic, is there a way to get the numeric
values assigned to the classification list in classification.config?
The exact value I'm looking for is in the event.h, the struct
Event classification unsigned 32bit int.
I've looked through the code, but there's a lot of it, so I seem to
have missed it.
  If there's a file that those values are in, pointing me in the right
direction would be wonderful.

Thanks for the help.

Randy

"Sed Quis Custodiet Ipsos Custodes?" -Juvenal






On Wed, 9 Jul 2003, Erek Adams wrote:

On Wed, 9 Jul 2003, Sudhakar Gummadi wrote:

> I was wondering where can I get the list of Classifications which come
> under (Priority: 1 Priority: 2 and Priority: 3)  which are written to
> the (alert) log file.
>
> Right now I am generating email alerts only for Priority: 1.  I do not
> want to miss some important alerts which come under Priority:2 and 3
> classification.
>
> If I can get a complete list of alerts which corresponds to the 3
> classifications then it will be very helpful.
>
> Any suggestions really appreciated.

/etc/snort/classification.config

Or whatever the path to that file is.  If you aren't sure where it is:

	cd /
	find . -type f -name classification.config -print

Or if it's installed:

	locate classification.config

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
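
Added example, not part of the original thread: a small parser that lists the classtypes in classification.config grouped by priority, which is the list asked for in the quoted question. It assumes entries of the form `config classification: shortname,short description,priority`; the `ordinal` field (1-based position in the file) rests on the assumption that numeric classification IDs follow file order, which should be checked against the Snort source for your version.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in classification.config syntax, not copied from a real install.
SAMPLE = """\
# config classification: shortname,short description,priority
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: bad-unknown,Potentially Bad Traffic, 2

config classification: misc-activity,Misc activity,3
config classification: broken-entry,missing priority
config classification: web-application-attack,Web Application Attack,1
"""

ENTRY = re.compile(r"^\s*config\s+classification:\s*(.+)$")

def parse_classifications(text):
    """Return (entries, skipped_line_numbers) for classification.config text."""
    entries, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue  # comment, blank line or unrelated directive
        parts = [p.strip() for p in m.group(1).split(",")]
        # Need name, description and a numeric priority; report anything else.
        if len(parts) < 3 or not parts[0] or not parts[-1].isdigit():
            skipped.append(lineno)
            continue
        entries.append({
            "ordinal": len(entries) + 1,  # assumption: IDs follow file order
            "name": parts[0],
            "description": ", ".join(parts[1:-1]),
            "priority": int(parts[-1]),
        })
    return entries, skipped

def by_priority(entries):
    """Map each priority to the classtype names that carry it, in file order."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["priority"]].append(e["name"])
    return dict(groups)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    entries, skipped = parse_classifications(text)
    for prio, names in sorted(by_priority(entries).items()):
        print(f"Priority {prio}: {', '.join(names)}")
    print("Malformed lines skipped:", skipped)
```

Run it with the path to your own classification.config as the first argument; with no argument it parses the constructed sample.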

