Snort mailing list archives
Re: Acid and Sensor ID's
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Mon, 29 Jul 2002 13:54:22 -0400
I was having a similar problem, I switch on sql logging and then watched the exact commands that were being run found the one that matches the query for the sensor id and noticed that some of the entries didn't match exactly which is why I got a new sid. If your network device changes or you sensor name changes then it will change the SID. Ian ----- Original Message ----- From: "Hall, Duane" <Duane.Hall () hastings-ent com> To: "Snort Userslist" <snort-users () lists sourceforge net> Sent: Monday, July 29, 2002 11:47 AM Subject: [Snort-users] Acid and Sensor ID's
I had to reboot a sensor over the weekend and now the sensor number in
ACID has changed. Now the alerts are not logging correctly. Any ideas?
Duane Duane Hall Security Administrator Hastings Entertainment 806-351-2300 x-3945 Duane.Hall () hastings-ent com -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d+ s:- a- C+ UL++ P+ L++ E--- W++ N++ o K- w--- O- M-- V-- PS PE Y PGP t++ 5 X R- tv+ b+ DI++ D+ G e+ h---- r+++ y++++ ------END GEEK CODE BLOCK------ ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acid and Sensor ID's Hall, Duane (Jul 29)
- Re: Acid and Sensor ID's Ian Macdonald (Jul 29)
- RE: Acid and Sensor ID's Gene Gomez (Jul 29)
- <Possible follow-ups>
- RE: Acid and Sensor ID's Hall, Duane (Jul 29)