[Snort-users] Question about rule numbers and Syslog

Truax, Shawn (MBS) Shawn.Truax at ...8509...
Mon Oct 25 10:12:17 EDT 2004


When you receive a syslog message from Snort, it gives a rule number of
#:###:#. For example, 1:255:8 is DNS Zone Transfer TCP.  I know that the
middle number is the sid for the rule.  My question is what are the other 2
numbers, where do they come from, and are they in the ACID database anywhere.

Shawn Truax
Sr. Security Specialist
Corporate Security
155 University Ave.
Toronto, Ontario
M5H 3B7
(416)327-1107

 