Spawnzao

Fixing the problem of Snort signatures named “Snort Alert [gid:sid:revision]” in the database

by on Aug. 23, 2014, under Linux, snort, Free Software

Folks, here is one more article that complements the series of articles about Snort.

Barnyard2 uses the sid-msg.map file to index the descriptions of Snort events. When we enable rules that are not listed in sid-msg.map, Barnyard2 logs a warning to syslog and, as a consequence, inserts a default description into the database: “Snort Alert [gid:sid:revision]”.

Here is the syslog error:

Aug 18 06:43:51 snort barnyard2: INFO [dbProcessSignatureInformation()]: [Event: 157] with [gid: 1] [sid: 21355] [rev: 3] [classification: 4] [priority: 2]
Aug 18 06:43:51 snort barnyard2: was not found in barnyard2 signature cache, this could lead to display inconsistency.
Aug 18 06:43:51 snort barnyard2: To prevent this warning, make sure that your sid-msg.map and gen-msg.map file are up to date with the snort process logging to the spool file.
Aug 18 06:43:51 snort barnyard2: The new inserted signature will not have its information present in the sig_reference table.
Aug 18 06:43:51 snort barnyard2: Note that the message inserted in the signature table will be snort default message “Snort Alert [gid:sid:revision]”
Aug 18 06:43:51 snort barnyard2: You can allways update the message via a SQL query if you want it to be displayed correctly by your favorite interface

To fix the problem, we will update the sid-msg.map file.
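Before editing the map, it helps to know exactly which SIDs Barnyard2 is complaining about and whether your sid-msg.map really lacks them. The script below is an added example (not code from this post's author or from the Snort/Barnyard2 projects): it pulls gid/sid/rev out of the syslog warning shown above, parses the classic "sid || msg || ref" map format, reports the SIDs still without an entry, and builds map lines from Snort rule text. The rule, map contents and message strings are constructed samples.

```python
"""Cross-check a sid-msg.map against Barnyard2 'not found in signature cache'
warnings and build missing entries from Snort rule text.
Added example for this post, not code from its author or from Snort/Barnyard2;
the rule, map and message strings below are constructed samples."""
import re

# gid/sid/rev fields of the Barnyard2 warning line shown in the syslog above
WARN_RE = re.compile(r"\[gid: (\d+)\] \[sid: (\d+)\] \[rev: (\d+)\]")
# msg, sid and optional rev of a Snort rule: the fields a sid-msg.map entry needs
RULE_RE = re.compile(r'msg:"([^"]+)";.*?sid:(\d+);(?:.*?rev:(\d+);)?')

def missing_from_syslog(lines):
    """Return the set of (gid, sid, rev) tuples Barnyard2 reported as missing."""
    found = set()
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            found.add(tuple(int(x) for x in m.groups()))
    return found

def parse_sid_msg_map(text):
    """Parse the classic 'sid || msg || ref ...' map format into {sid: msg}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = [p.strip() for p in line.split("||")]
            entries[int(parts[0])] = parts[1]
    return entries

def map_entries_from_rules(rules):
    """Build 'sid || msg' lines from rule text, ready to append to sid-msg.map."""
    out = []
    for rule in rules:
        m = RULE_RE.search(rule)
        if m:
            out.append(f"{m.group(2)} || {m.group(1)}")
    return out

def sids_without_entry(syslog_lines, sid_msg_map_text):
    """SIDs that Barnyard2 complained about and that the map still lacks."""
    have = parse_sid_msg_map(sid_msg_map_text)
    return sorted({sid for _, sid, _ in missing_from_syslog(syslog_lines)} - set(have))

# Constructed samples: the warning line from the post and a map that lacks sid 21355
SYSLOG = ["Aug 18 06:43:51 snort barnyard2: INFO [dbProcessSignatureInformation()]: "
          "[Event: 157] with [gid: 1] [sid: 21355] [rev: 3] [classification: 4] [priority: 2]"]
SID_MSG_MAP = "# constructed map\n1000001 || LOCAL test rule || url,example.com\n"
RULES = ['alert tcp any any -> any 80 (msg:"SAMPLE rule text for 21355"; sid:21355; rev:3;)']
print("still missing:", sids_without_entry(SYSLOG, SID_MSG_MAP))  # [21355]
```

Run it against your real /var/log/syslog lines and sid-msg.map; each line printed by map_entries_from_rules can be appended to the map before restarting Barnyard2.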

