Snort mailing list archives

Re: problem with Snort Alert Descriptions
From: Y M <snort () outlook com>
Date: Wed, 1 May 2013 16:09:42 +0000

Looks like the sid-msg.map on the x64 box is not updated. Did you encounter any errors while running PulledPork on the 
x64 box?

From: john.ainsworth () thebookpeople co uk
To: snort-users () lists sourceforge net
Date: Wed, 1 May 2013 16:55:28 +0100
Subject: [Snort-users] problem with Snort Alert Descriptions

Hi,

I have set up 2 Snort servers with BASE, barnyard2 and PulledPork. One runs on Ubuntu 12.04 32-bit, the other on Ubuntu 12.04 64-bit. The actual Snort config is identical between the 2 boxes.

However, in BASE on the 32-bit one the alert's signature is correctly displaying the friendly description for the alert, i.e.

#0-(3-6) [snort] ET SCAN Cisco Torch SNMP Scan

But on the 64-bit one any alerts triggered just show the signature ID, not the more friendly description:

#192-(3-404104) [snort] Snort Alert [129:2:1]

I'm not sure the problem is linked to 32-bit/64-bit, but it's the only difference between the way the servers were set up. Anyone any ideas on what to look at?

Thanks
John

  
  
    -- 
 John Ainsworth  - IT Manager 
01942 868097  (extension 1105)  07733 323091  


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!                                        
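
One way to check the diagnosis suggested in the reply, as an added example that is not part of the original thread: compare the sid-msg.map from the box that shows descriptions against the one from the box that shows only `Snort Alert [gid:sid:rev]`, and classify each placeholder alert. It assumes the `sid || msg || reference ...` map layout; the function names, sids, messages and alert lines are constructed for illustration.

```python
import re
# Placeholder seen in the thread when no description is found: "Snort Alert [gid:sid:rev]".
PLACEHOLDER = re.compile(r"Snort Alert \[(\d+):(\d+):(\d+)\]")

def parse_sid_msg_map(text):
    """Parse 'sid || msg || ref ...' lines (assumed layout) into {sid: msg}.
    Comments, blank lines and lines without a numeric sid are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            entries[int(fields[0])] = fields[1]
    return entries

def missing_from(reference, suspect):
    """Sids described in the reference map but absent from the suspect map."""
    return sorted(set(reference) - set(suspect))

def explain_placeholders(alert_lines, reference, suspect):
    """Classify each placeholder alert by where its sid is described.
    The assumed map layout has no gid column, so the lookup is by sid only."""
    report = []
    for line in alert_lines:
        m = PLACEHOLDER.search(line)
        if not m:
            continue  # alert already carries a description
        gid, sid, rev = map(int, m.groups())
        if sid in suspect:
            status = "present in suspect map"
        elif sid in reference:
            status = "stale map: " + reference[sid]
        else:
            status = "in neither map"
        report.append(((gid, sid, rev), status))
    return report

# Constructed sample data: sids, messages and alert lines are made up.
REFERENCE_MAP = """# constructed
9000001 || EXAMPLE scan rule one || url,example.invalid/1
9000002 || EXAMPLE scan rule two
"""
SUSPECT_MAP = "9000001 || EXAMPLE scan rule one || url,example.invalid/1\n"
ALERTS = [
    "#0-(3-6) [snort] EXAMPLE scan rule one",
    "#1-(3-7) [snort] Snort Alert [1:9000002:1]",
    "#2-(3-8) [snort] Snort Alert [1:9000003:1]",
]

if __name__ == "__main__":
    ref, sus = parse_sid_msg_map(REFERENCE_MAP), parse_sid_msg_map(SUSPECT_MAP)
    print(missing_from(ref, sus), explain_placeholders(ALERTS, ref, sus))
```

A "stale map" result points at the map file not having been regenerated on that box; "in neither map" means the description has to come from somewhere other than these two files.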