[Snort-users] Barnyard-2.0, snort-2.4, and a rule that won't display the msg tag.
dgianndrea at ...4357...
Tue Feb 7 11:19:18 EST 2006
I think I have heard something about this on the list before.
I'm using Barnyard-2.0, and Snort-2.4 in unified output mode.
I have a rule that fires off, but the contents of the "msg"
option is not getting logged. Instead I get this showing up.
[local] [snort] Snort Alert [1:3000003:0]
alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)
Is this happening because this is not listed in the sid-msg.map file?
Senior Network Engineer
Comsquared Systems, Inc.
Email: dgianndrea at ...4357...
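
Added example, not part of the original post: a check that lists rule sids with no line in sid-msg.map and builds the entry each one would need. It assumes Barnyard resolves alert text by sid from that file, since unified output records the generator id, sid and revision but not the msg string. The rule is the one from the post; the existing map entry (sid 2000001) is constructed.

```python
import re

# Constructed sample input: the rule from the post, plus a sid-msg.map
# that lacks its sid. The 2000001 entry is hypothetical.
RULES = r'''
alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)
'''
SID_MSG_MAP = '''
# sid || msg || reference ...
2000001 || EXAMPLE constructed entry || url,example.com
'''

# One rule option: keyword, then an optional value that may hold quoted strings,
# so a ';' or 'sid:' inside a quoted content string is not read as an option.
OPTION = re.compile(r'(\w+)\s*(?::\s*((?:"(?:[^"\\]|\\.)*"|[^;"])*))?;')

def parse_rules(text):
    """Return {sid: (msg, [references])} for each rule line that carries a sid."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#') or '(' not in line:
            continue
        msg, sid, refs = '', None, []
        for key, val in OPTION.findall(line[line.index('(') + 1:]):
            val = val.strip()
            if key == 'msg':
                msg = val.strip('"')
            elif key == 'sid':
                sid = int(val)
            elif key == 'reference':
                refs.append(val)
        if sid is not None:
            rules[sid] = (msg, refs)
    return rules

def parse_sid_map(text):
    """Return the set of sids that already have a line in sid-msg.map."""
    firsts = (line.split('||')[0].strip() for line in text.splitlines())
    return {int(f) for f in firsts if f.isdigit()}

def missing_map_lines(rules_text, map_text):
    """Build 'sid || msg || ref ...' lines for rule sids absent from the map."""
    known = parse_sid_map(map_text)
    return [' || '.join([str(sid), msg] + refs)
            for sid, (msg, refs) in sorted(parse_rules(rules_text).items())
            if sid not in known]

if __name__ == '__main__':
    print('\n'.join(missing_map_lines(RULES, SID_MSG_MAP)))
```
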