[Snort-users] invalid event id, eventlog, win32

Daniel Guido infiniteedge at ...1936...
Mon Feb 9 06:14:06 EST 2004


snort under these conditions:
windows xp
snort 2.1.0
'snort /SERVICE /INSTALL -de -X -b -l C:\snort\log -c 
C:\snort\etc\snort.conf'
'output alert_syslog: LOG_AUTH LOG_ALERT'

gives me this output in the eventlog:
The description for Event ID ( 1 ) in Source ( snort ) cannot be found. 
The local computer may not have the necessary registry information or 
message DLL files to display messages from a remote computer. You may be 
able to use the /AUXSOURCE= flag to retrieve this description; see Help 
and Support for details. The following information is part of the event: 
[1:1852:3] WEB-MISC robots.txt access [Classification: access to a 
potentially vulnerable web application] [Priority: 2]: {TCP} 
x.x.x.x:57793 -> x.x.x.x:80.

i searched google for some answers but only found a few of the same 
questions.  I had 2.0.4 running fine before this.  Does anyone know what 
this means?

Dan Guido




More information about the Snort-users mailing list