Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-03-2005, 10:01 AM   #1
Registered: Jul 2003
Location: Chicago
Distribution: Fedora, ubuntu
Posts: 459

Rep: Reputation: 30
snort not posting priority

I have snort running and I would like to have swatch preform specific actions after receiving a warning from snort. On my old system, snort always gave me a [Priority: 1, 2, 3 etc] error which is what I would like snort to watch for. On this new install, my logs look like this:
Feb  3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} offending ip:3787 -> myip:80
Feb  3 08:30:52 linux snort: [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING {TCP} offending ip:2090 -> myip:80
Whats with the [119:*:1]? Ive searched google and I didnt get much, anyone else seen this, better yet.. does anyone know how to change this to the [Priority] setting?


Last edited by ryedunn; 02-03-2005 at 10:30 AM.
Old 02-04-2005, 12:38 PM   #2
Registered: Jul 2003
Location: Chicago
Distribution: Fedora, ubuntu
Posts: 459

Original Poster
Rep: Reputation: 30
I think the priorty is only placed at the end and does not replace the IDs like [119:2:1]. Its also a guess that these smaller types of web attacks dont have a priority on them, the reason why I saw the priorities on others was because I was using standard ports for applications and my firewall was kaka..


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
snort failed: snort: symbol lookup error: undefined symbol: usmAES192PrivProtocol Emmanuel_uk Linux - Security 1 07-10-2005 10:29 AM
priority alaios Linux - General 3 10-12-2004 06:55 AM
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 09:35 PM
snort snort.conf help crealkiller175 Linux - Software 1 03-08-2003 05:58 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration