[Oisf-users] fast.log output

Will Metcalf william.metcalf at gmail.com
Fri Jul 29 00:57:35 UTC 2011


It is the GID (1) and signature revision number (5).

On Thu, Jul 28, 2011 at 7:47 PM, Gene Albin <gene.albin at gmail.com> wrote:
> All,
>   When looking at the fast.log output there is a number just before and
> after the rule SID.  What do those numbers mean?  In the example below, I'm
> talking about the numbers 1 and 5.  I think the last number is the rule
> version.  The first number (1) doesn't ever seem to change. Does that
> correspond to the instance of Suricata?
>
> 07/28/2011-17:28:08.152467  [**] [1:2100485:5] GPL ICMP_INFO Destination
> Unreachable Communication Administratively Prohibited [**] [Classification:
> Misc activity] [Priority: 3] {ICMP} x.x.x.x:p -> y.y.y.y:p
>
> Thanks,
> Gene
>
>
>
> --
> Gene Albin
> gene.albin at gmail.com
>
>
>
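The [GID:SID:REV] layout discussed in this thread, as an added Python example that is not part of the original messages or of Suricata's own code. It parses fast.log lines of the shape quoted above and tallies alerts per (GID, SID), so that a change in rule revision does not split the count. The names parse_fast_line, count_by_rule and SAMPLE are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Layout taken from the fast.log line quoted in the post (e-mail wrapping undone):
# ts [**] [GID:SID:REV] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

class Alert(NamedTuple):
    timestamp: str
    gid: int        # generator ID (first number in the bracket)
    sid: int        # signature ID
    rev: int        # signature revision (last number in the bracket)
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    dst: str

def parse_fast_line(line: str) -> Optional[Alert]:
    """Return an Alert, or None if the line does not match the layout."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    return Alert(m["ts"], int(m["gid"]), int(m["sid"]), int(m["rev"]), m["msg"],
                 m["cls"].strip(), int(m["prio"]), m["proto"], m["src"], m["dst"])

def count_by_rule(lines):
    """Count alerts per (gid, sid); truncated or foreign lines are skipped."""
    alerts = (parse_fast_line(line) for line in lines)
    return Counter((a.gid, a.sid) for a in alerts if a is not None)

# Constructed sample: same rule at rev 5 and rev 6, plus one truncated line.
_MSG = "GPL ICMP_INFO Destination Unreachable Communication Administratively Prohibited"
_TAIL = "[**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10:3 -> 198.51.100.7:13"
SAMPLE = [
    f"07/28/2011-17:28:08.152467  [**] [1:2100485:5] {_MSG} {_TAIL}",
    f"07/28/2011-17:29:41.003112  [**] [1:2100485:6] {_MSG} {_TAIL}",
    "07/28/2011-17:30:02.500000  [**] [1:2100485:6] GPL ICMP_INFO Destination Unre",
]
```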


