snort question

To: Debian Development <debian-devel@lists.debian.org>
Subject: snort question
From: Michael Meskes <meskes@debian.org>
Date: Thu, 16 Nov 2000 13:57:58 +0100
Message-id: <[🔎] 20001116135758.A2631@feivel.credativ.de>
Mail-followup-to: Debian Development <debian-devel@lists.debian.org>

Is there any documentation that gives some detailed information about the
events snort logs? I've installed it to test it a little bit but haven't
found time yet. But today I got this:

The number of events from same host to same destination using same method
=========================================================================
   events                     to               from
=========================================================================
  16 IDS244 - CVE-1999-0771   172.26.14.7      ...

172.26.14.7 is my machine. The other IP is a Solaris or Linux machine
running Apache according to queso, but DNS says it is authorative that the
IP does not exist. So as you might imagine I'd like to see what happened.

Michael
-- 
Michael Meskes
Michael@Fam-Meskes.De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!

Reply to:

Follow-Ups:
- Re: snort question
  - From: Bernd Eckenfels <lists@lina.inka.de>

Prev by Date: EPIC packages update - please!
Next by Date: Re: On Bugs, take 2
Previous by thread: Re: EPIC packages update - please!
Next by thread: Re: snort question
Index(es):
- Date
- Thread