[Snort-users] Barnyard-2.0, snort-2.4, and a rule that won't display the msg tag

I think I have heard something about this on the list before.

I'm using Barnyard-2.0, and Snort-2.4 in unified output mode. I have a rule that fires off, but the contents of the "msg" option is not getting logged. Instead I get this showing up.

[local] [snort] Snort Alert [1:3000003:0]

alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)

Is this happening because this is not listed in the sid-msg.map file?

--
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.
Email: dgianndrea@comsquared.com
Web: www.comsquared.com
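The check the question points at, as an added example that is not part of the original post: unified output identifies an alert by generator id, sid and revision, and Barnyard resolves the message text from sid-msg.map. The Python below lists the map lines a rules file needs but the map lacks; the function names are hypothetical, the sample map is constructed, and the `sid || msg || reference` layout is assumed to be the usual sid-msg.map format.

```python
import re

# Constructed sample inputs: the rule from the post and a made-up sid-msg.map lacking sid 3000003.
RULES = '''
alert tcp $SMTP_SERVERS 25 -> $EXTERNAL_NET any (msg:"POLICY SMTP Spam denied by Spamcop"; flow:established,from_server; content:"spamcop.net"; reference:url,spamcop.net; classtype:misc-activity; sid:3000003; rev:9;)
'''
SID_MSG_MAP = '''
# sid || msg || reference ...
3000001 || LOCAL constructed rule one
3000002 || LOCAL constructed rule two || url,example.com
'''

def split_options(body):
    """Split a rule's option body on ';', ignoring ';' that is quoted or escaped."""
    opts, cur, quoted, escaped = [], "", False, False
    for ch in body:
        if escaped or ch == "\\":
            cur, escaped = cur + ch, not escaped
        elif ch == ";" and not quoted:
            opts.append(cur.strip())
            cur = ""
        else:
            quoted = quoted != (ch == '"')  # toggle on each unescaped quote
            cur += ch
    return [o for o in opts + [cur.strip()] if o]

def map_line(rule):
    """Return (sid, 'sid || msg || ref ...') for one rule line, else None."""
    m = re.match(r"\s*\w+\s[^()]*\((.*)\)\s*$", rule)
    if not m:
        return None  # blank line, comment, or not a rule
    opts = [tuple(s.strip() for s in o.partition(":")[::2]) for o in split_options(m.group(1))]
    sid = [v for k, v in opts if k == "sid"]
    msg = [v.strip('"') for k, v in opts if k == "msg"]
    refs = [v for k, v in opts if k == "reference"]
    if not sid or not msg:
        return None
    return int(sid[0]), " || ".join([sid[0], msg[0]] + refs)

def mapped_sids(map_text):
    """Sids that already have a line in sid-msg.map (comments and blanks skipped)."""
    lines = (l.strip() for l in map_text.splitlines())
    return {int(l.split("||")[0]) for l in lines if l and not l.startswith("#")}

def missing_entries(rules_text, map_text):
    """Map lines for every rule whose sid is absent from sid-msg.map."""
    have = mapped_sids(map_text)
    found = filter(None, map(map_line, rules_text.splitlines()))
    return [line for sid, line in found if sid not in have]
```

Calling `missing_entries(RULES, SID_MSG_MAP)` on the sample data returns the single line for sid 3000003, ready to append to the map that Barnyard is pointed at.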