[Snort-users] Snort Alert [1:P201XXX:1]

Matheus Condi'ez conma293 at ...11827...
Mon May 26 23:47:09 EDT 2014


Hey guys,

I have snort instance grabbing rules and sid-msg.map from pulled pork -
both VRT && ET rules.  I have a whole lot of ET ..... & just generic
messages for rules.  but about 80% of firing events have no 'event name'
just Snort Alert [1:201209:1] or similar...

has anyone encountered this issue?  Im thinking its the sid-msg.map but why
for some and not for others?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140527/2466d481/attachment.html>


More information about the Snort-users mailing list