[Snort-users] Barnyard-2.0, snort-2.4, and a rule that won't display the msg tag.

David Gianndrea dgianndrea at ...4357...
Tue Feb 7 11:19:18 EST 2006


I think I have heard something about this on the list before.

I'm using Barnyard-2.0, and Snort-2.4 in unified output mode.
I have a rule that fires off, but the contents of the "msg"
option are not getting logged. Instead I get this showing up.

[local] [snort] Snort Alert [1:3000003:0]

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)

Is this happening because this is not listed in the sid-msg.map file?

-- 
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

Email:   dgianndrea at ...4357...
Web:     www.comsquared.com



