LinuxQuestions.org


ryedunn 02-03-2005 10:01 AM

snort not posting priority
 
I have snort running and I would like to have swatch perform specific actions after receiving a warning from snort. On my old system, snort always gave me a [Priority: 1, 2, 3 etc] error which is what I would like snort to watch for. On this new install, my logs look like this:
Code:

Feb  3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} offending ip:3787 -> myip:80
Feb  3 08:30:52 linux snort: [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING {TCP} offending ip:2090 -> myip:80

What's with the [119:*:1]? I've searched Google and I didn't get much, anyone else seen this, better yet.. does anyone know how to change this to the [Priority] setting?

R

ryedunn 02-04-2005 12:38 PM

I think the priority is only placed at the end and does not replace the IDs like [119:2:1]. It's also a guess that these smaller types of web attacks don't have a priority on them, the reason why I saw the priorities on others was because I was using standard ports for applications and my firewall was kaka..
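
Added example, not part of the original thread: a small Python parser for Snort syslog alert lines like the ones posted above, where the bracketed triple is generator ID, signature ID and revision, and the `[Priority: N]` tag is treated as optional so a log watcher can still key on the IDs when it is missing. The sample lines, addresses, the `parse_alert` and `needs_action` names and the thresholds are constructed for illustration.

```python
import re

# Layout: "[gid:sid:rev] message [Classification: ...] [Priority: N] {PROTO} src -> dst"
# The Classification and Priority tags are optional, as in the lines in this thread.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?)"
    r"(?: \[Classification: (?P<classification>[^\]]*)\])?"
    r"(?: \[Priority: (?P<priority>\d+)\])?"
    r" \{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)\s*$"
)

# Constructed sample lines (documentation addresses, hypothetical local rule).
SAMPLE_LINES = [
    "Feb  3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK "
    "{TCP} 192.0.2.10:3787 -> 198.51.100.5:80",
    "Feb  3 09:02:14 linux snort: [1:1000001:1] Example local rule "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5",
    "Feb  3 09:05:00 linux sshd[412]: Accepted publickey for admin",
]


def parse_alert(line, default_priority=None):
    """Return a dict of alert fields, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev"):
        alert[key] = int(alert[key])
    # Alerts logged without a priority tag fall back to the caller's default.
    alert["priority"] = int(alert["priority"]) if alert["priority"] else default_priority
    return alert


def needs_action(alert, max_priority=2, watched_gids=(119,)):
    """Act on priority 1..max_priority, or on untagged alerts from watched generators."""
    if alert["priority"] is not None:
        return alert["priority"] <= max_priority
    return alert["gid"] in watched_gids


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        alert = parse_alert(line)
        if alert:
            print(alert["gid"], alert["sid"], alert["priority"], needs_action(alert))
```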


All times are GMT -5.