[Snort-users] event id = 0 on all unified2 events
eupm90 at ...11827...
Thu Feb 6 07:56:50 EST 2014
I've just installed snort and I'm seeing that all events in the unified2
file have the event id field set to 0.
I've checked the rules, and they all have a sid != 0, and I've configured the
snort.conf unified output plugin like this:
output unified2: filename snort.log, limit 128
The same snort installation runs fine on other machines. So, under what
circumstances is this field set to 0? Where should I look to get the event
id field filled?
BTW, I'm using snort version 220.127.116.11.
Thanks in advance.