<div dir="ltr">Normally that is created to test snort after you configure and set it up for the first time.<br></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">---<br>Thank you, <br><br>Michael A. Brown<br>
<a href="mailto:mike.a.brown09@...11827..." target="_blank">mike.a.brown09@...11827...</a><br>(757) 912-0836 
<div>M.S. Forensic Studies: Computer Forensics<br>B.S. Information Technology: Network Specialist<br><br>"The only thing necessary for the triumph of evil is for good men to do nothing" -Edmund Burke</div></div>
</div>
<br><br><div class="gmail_quote">On Wed, Feb 19, 2014 at 3:24 PM, Jeremy Hoel <span dir="ltr"><<a href="mailto:jthoel@...11827..." target="_blank">jthoel@...11827...</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">This looks like a custom rule that you wrote ( the SID is not a normal one, check local.rules) and the problem is that the sid map didn't get updated, probably because you don't run a rule management tool; pulledpork for example?</div>


<div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Wed, Feb 19, 2014 at 12:02 PM, Angel Chiriboga Torres <span dir="ltr"><<a href="mailto:angel.chiriboga@...15848..." target="_blank">angel.chiriboga@...15848...</a>></span> wrote:<br>


</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div link="#0563C1" vlink="#954F72" lang="ES-EC"><div><p class="MsoNormal"><span lang="EN-CA">Hi everyone,<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-CA">I need your help with a problem with Snort. All the events appear like the following picture.<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal"><span><img src="cid:image001.png@...16707..." height="117" width="475"></span><span lang="EN-CA"><u></u><u></u></span></p><p class="MsoNormal">


<span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-CA">Why events look this way? How I can fix them?<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA">Please, I wait your response as soon as possible.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-CA">Thanks.<u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal"><span lang="EN-CA">Regards.<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p><p class="MsoNormal">


<span lang="EN-CA">--<u></u><u></u></span></p><p class="MsoNormal"><span lang="EN-CA">Ángel Chiriboga Torres<u></u><u></u></span></p><p class="MsoNormal"><b><span lang="EN-CA">IT Security Specialist<u></u><u></u></span></b></p>


<p class="MsoNormal"><b><span lang="EN-CA">EGOVERMENT SOLUTIONS S.A.<u></u><u></u></span></b></p><p class="MsoNormal"><span lang="EN-CA">E-mail: <u><a href="mailto:angel.chiriboga@...15848..." target="_blank">angel.chiriboga@...15848...</a><u></u><u></u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA">Web: <a href="http://www.e-govsolutions.net" target="_blank">http://www.e-govsolutions.net</a><u></u><u></u></span></p><p class="MsoNormal">Celular: <a href="tel:%2B593-995093859" value="+593995093859" target="_blank">+593-995093859</a><u></u><u></u></p>


<p class="MsoNormal">Skype: angelctorres<u></u><u></u></p><p class="MsoNormal"><span><u></u> <u></u></span></p><p class="MsoNormal" style="background:white"><b><span style="font-size:24.0pt;font-family:Webdings;color:green">P</span></b><b><span style="color:blue"> </span></b><b><span style="font-size:10.0pt;font-family:"Century Gothic","sans-serif";color:green">No imprima este mail a menos que sea absolutamente necesario</span></b><span style="font-size:11.5pt;font-family:"Segoe UI","sans-serif";color:#282828"><u></u><u></u></span></p>


<p class="MsoNormal" style="background:white"><b><span style="font-size:10.0pt;font-family:"Century Gothic","sans-serif";color:green" lang="EN-US">Save a tree, donīt print this e-mail unless itīs really necessary</span></b><span style="font-size:11.5pt;font-family:"Segoe UI","sans-serif";color:#282828" lang="EN-US"><u></u><u></u></span></p>


<p class="MsoNormal"><span lang="EN-CA"><u></u> <u></u></span></p></div></div><br></div></div>------------------------------------------------------------------------------<br>
Managing the Performance of Cloud-Based Applications<br>
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.<br>
Read the Whitepaper.<br>
<a href="http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk</a><br>_______________________________________________<br>



Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net" target="_blank">Snort-users@lists.sourceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users" target="_blank">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br></blockquote></div><br></div>
<br>------------------------------------------------------------------------------<br>
Managing the Performance of Cloud-Based Applications<br>
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.<br>
Read the Whitepaper.<br>
<a href="http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk</a><br>_______________________________________________<br>

Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.sourceforge.net">Snort-users@...4626...ceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-users</a><br>
Snort-users list archive:<br>
<a href="http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users" target="_blank">http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users</a><br>
<br>
Please visit <a href="http://blog.snort.org" target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort news!<br></blockquote></div><br></div>