[Snort-users] BASE is showing "Snort Alert" and sid instead of the message field.
Al Lewis (allewi)
allewi at cisco.com
Tue Sep 19 12:50:23 EDT 2017
It's a preprocessor rule:
ALLEWI-M-8257:~ allewi$ less /var/tmp/snort-220.127.116.11-released/preproc_rules/preprocessor.rules | grep 120 | grep "sid: 3"
alert ( msg: "HI_SERVER_NO_CONTLEN"; sid: 3; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com
From: Snort-users <snort-users-bounces at lists.snort.org> on behalf of William Pearson <william at cnsp.net>
Date: Tuesday, September 19, 2017 at 12:43 PM
To: "Snort-users at lists.snort.org" <Snort-users at lists.snort.org>
Subject: [Snort-users] BASE is showing "Snort Alert" and sid instead of the message field.
[snort<http://www.snort.org/search/sid/120-3>] Snort Alert [120:3:1]
Any help in having it show the message field instead would be helpful. Not sure why it's doing that.
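An exact-match version of the lookup shown in the reply above, as an added example that is not part of the original thread: `lookup_msg` is a hypothetical helper that takes the gid:sid[:rev] triple BASE displays and prints the `msg` of the matching rule read on stdin. The two `CONSTRUCTED_*` rules are made-up sample input, placed first to show that substring matching on `120` and `sid: 3` would pick the wrong rule.

```shell
#!/bin/sh
# Constructed sample input. The last line is the rule quoted in the reply;
# the first two are invented decoys (sid 30 / gid 1200) that a loose
# substring match on "120" and "sid: 3" would also hit.
SAMPLE_RULES='alert ( msg: "CONSTRUCTED_EXAMPLE_A"; sid: 30; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "CONSTRUCTED_EXAMPLE_B"; sid: 3; gid: 1200; rev: 1; metadata: rule-type preproc ; classtype:unknown; )
alert ( msg: "HI_SERVER_NO_CONTLEN"; sid: 3; gid: 120; rev: 1; metadata: rule-type preproc ; classtype:unknown; )'

# lookup_msg GID:SID[:REV]
# Reads rules on stdin and prints the msg of the first rule whose gid and
# sid are exactly GID and SID. Exit status is 1 when no rule matches.
lookup_msg() {
    awk -v id="$1" '
    # Return the value of the "key: value;" option on a rule line, or "".
    function opt(line, key,    re, s) {
        re = "(^|[(; \t])" key "[ \t]*:[ \t]*[^;]*;"
        if (!match(line, re)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^:]*:[ \t]*/, "", s)   # strip everything up to "key:"
        sub(/[ \t]*;$/, "", s)        # strip the terminating ";"
        gsub(/^"|"$/, "", s)          # strip quotes around a msg value
        return s
    }
    BEGIN { split(id, want, ":") }    # want[1]=gid, want[2]=sid
    /^[ \t]*#/ { next }               # skip commented-out rules
    opt($0, "gid") == want[1] && opt($0, "sid") == want[2] {
        print opt($0, "msg"); found = 1; exit
    }
    END { exit !found }
    '
}

# Demo on the constructed sample, using the ID from the BASE alert line.
printf '%s\n' "$SAMPLE_RULES" | lookup_msg 120:3:1
```

Against a real installation the call would be `lookup_msg 120:3:1 < preproc_rules/preprocessor.rules`, with the path adjusted to wherever the Snort source tree or rules directory lives.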