[Snort-users] Question about Line in Logfile...

Erek Adams erek at ...950...
Thu Jul 24 07:48:38 EDT 2003


On Wed, 23 Jul 2003, Thomas Bechtold wrote:

> If I'm logging with the following command:
>
> snort -c /etc/snort/snort.conf -A console
>
> I get the alerts out to the console now.
> My question is what this line wants to tell me:
>
> 07/23-00:18:28.945319  [**] [1:0:0] Test [**] [Priority: 0] {TCP}\
> 217.224.228.216:33137 -> 81.57.63.19:2234
>
> I don't know what [1:0:0] means.

[A:B:C]

A = generator
B = sid
C = rev

Generator IDs are found in src/generators.h.

So the 1 is:

	#define GENERATOR_SNORT_ENGINE        1

So Snort generated the alert of SID 0 and Revision 0.

Something's not right about that though, as there is no SID 0.  Do you
have sid-msg.map and gen-msg.map correctly installed?

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
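The [A:B:C] breakdown above, as an added Python example that is not part of the original thread or of Snort itself: a small parser for `-A console` alert lines that splits the `[gid:sid:rev]` tag, the message, priority, protocol and endpoints, and then applies the sanity check from the reply (generator 1 is the Snort engine, and no rule has SID 0, so such an alert points at a missing or misinstalled sid-msg.map / gen-msg.map). The sample lines are constructed; the first is the quoted alert rejoined onto one line, the second is made up. The generator table only contains the single value quoted in the post.

```python
"""Parse Snort '-A console' alert lines and sanity-check the [gid:sid:rev] tag."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Generator IDs live in src/generators.h of the Snort source tree.  Only the
# value quoted in the thread is listed here; anything else is reported as unknown.
GENERATOR_NAMES: Dict[int, str] = {1: "GENERATOR_SNORT_ENGINE"}

# Constructed sample input.  Line 1 is the alert from the question, rejoined onto
# one line (the mailing list wrapped it with a backslash); line 2 is made up.
SAMPLE_LINES = [
    "07/23-00:18:28.945319  [**] [1:0:0] Test [**] [Priority: 0] {TCP} "
    "217.224.228.216:33137 -> 81.57.63.19:2234",
    "07/23-00:19:02.000001  [**] [1:1000001:2] LOCAL test rule [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.9",
]

# Layout of a console alert line; the Classification block is optional and
# ports are absent for protocols such as ICMP.  IPv4 endpoints only.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)


@dataclass
class Alert:
    timestamp: str
    gid: int            # A: generator that raised the alert
    sid: int            # B: signature id
    rev: int            # C: rule revision
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for one console line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None

    def port(value: Optional[str]) -> Optional[int]:
        return int(value) if value is not None else None

    return Alert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["cls"], priority=int(m["prio"]),
        proto=m["proto"], src=m["src"], sport=port(m["sport"]),
        dst=m["dst"], dport=port(m["dport"]),
    )


def generator_name(gid: int) -> str:
    """Name from the (partial) generator table, or 'unknown'."""
    return GENERATOR_NAMES.get(gid, "unknown")


def check_alert(a: Alert) -> List[str]:
    """Findings that suggest a broken rule/map installation rather than a real hit."""
    findings = []
    if a.gid not in GENERATOR_NAMES:
        findings.append(f"gid {a.gid}: not in the generator table (see src/generators.h)")
    if a.gid == 1 and a.sid == 0:
        findings.append("sid 0 from the Snort engine: no rule has SID 0; "
                        "check that sid-msg.map and gen-msg.map are installed")
    return findings


def parse_log(lines: List[str]) -> Tuple[List[Alert], List[str]]:
    """Split a console log into parsed alerts and lines the parser rejected."""
    alerts, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert(line)
        (alerts if a else rejected).append(a if a else line)
    return alerts, rejected


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LINES)
    for a in parsed:
        tag = f"[{a.gid}:{a.sid}:{a.rev}]"
        print(f"{tag:>14} {generator_name(a.gid):<22} {a.msg!r} "
              f"{a.proto} {a.src}:{a.sport} -> {a.dst}:{a.dport}")
        for f in check_alert(a):
            print(f"{'':>14} !! {f}")
    for line in bad:
        print("unparsed:", line)
```

Running the block prints both alerts and flags the first one, because `[1:0:0]` decodes to generator 1 with SID 0, exactly the case the reply says should not occur when the map files are in place.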
