[Oisf-users] fast.log output
Gene Albin
gene.albin at gmail.com
Fri Jul 29 00:47:40 UTC 2011
All,
When looking at the fast.log output there is a number just before and
after the rule SID. What do those numbers mean? In the example below, I'm
talking about the numbers 1 and 5. I think the last number is the rule
version. The first number (1) doesn't ever seem to change. Does that
correspond to the instance of Suricata?
07/28/2011-17:28:08.152467 [**] [1:2100485:5] GPL ICMP_INFO Destination
Unreachable Communication Administratively Prohibited [**] [Classification:
Misc activity] [Priority: 3] {ICMP} x.x.x.x:p -> y.y.y.y:p
Thanks,
Gene
--
Gene Albin
gene.albin at gmail.com
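An added example, not part of the original thread: a small Python parser for fast.log lines of the shape quoted in the post. It splits the bracketed triple after the first [**] into the three fields Suricata writes there (generator id, signature id, signature revision) and tallies alerts per signature, so a revision change for the same SID after a ruleset update stands out. The sample lines and addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex for one Suricata fast.log alert line. The triple after the first [**]
# is [gid:sid:rev]: generator id, signature id, signature revision.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s+(?P<cls>[^\]]*)\]\s+\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_fast_log_line(line):
    """Return the alert's fields as a dict, or None if the line is not a fast.log alert."""
    m = FAST_LOG_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["ts"] = datetime.strptime(alert["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for key in ("gid", "sid", "rev", "prio"):
        alert[key] = int(alert[key])
    return alert

def summarize(lines):
    """Count alerts per (gid, sid) and record every revision seen for that signature."""
    summary = defaultdict(lambda: {"count": 0, "revs": set(), "msg": None})
    for line in lines:
        alert = parse_fast_log_line(line)
        if alert is None:
            continue  # skip non-alert lines rather than failing the whole run
        entry = summary[(alert["gid"], alert["sid"])]
        entry["count"] += 1
        entry["revs"].add(alert["rev"])
        entry["msg"] = alert["msg"]
    return dict(summary)

# Constructed sample lines modelled on the one quoted in the post; the second
# carries a bumped revision and the addresses are documentation ranges.
SAMPLE_LINES = [
    "07/28/2011-17:28:08.152467 [**] [1:2100485:5] GPL ICMP_INFO Destination "
    "Unreachable Communication Administratively Prohibited [**] [Classification: "
    "Misc activity] [Priority: 3] {ICMP} 192.0.2.10:0 -> 198.51.100.7:0",
    "07/28/2011-17:29:01.000123 [**] [1:2100485:6] GPL ICMP_INFO Destination "
    "Unreachable Communication Administratively Prohibited [**] [Classification: "
    "Misc activity] [Priority: 3] {ICMP} 192.0.2.10:0 -> 198.51.100.7:0",
    "not an alert line",
]

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_LINES).items():
        print(key, entry["count"], sorted(entry["revs"]), entry["msg"])
```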