Netgate Discussion Forum

Did something change recently with snort output? (alerts)

pfSense Packages
    ljimber
    last edited by Sep 6, 2012, 6:46 PM

    Hi,

    Old box running Snort 2.9.2.3 pkg v. 2.3.0 had the following snort alert format:

    [] [122:5:1] PSNG_TCP_FILTERED_PORTSCAN []
    [Classification: Attempted Information Leak] [Priority: 2]
    08/15-18:34:57.787598 1.1.1.1 -> 2.2.2.2
    PROTO:255 TTL:118 TOS:0x0 ID:2 IpLen:20 DgmLen:167 DF

    New test box Snort 2.9.2.3 pkg v. 2.5.1 has the following alert format:

    09/06-18:44:06.877103 ,119,14,1,"(http_inspect) NON-RFC DEFINED CHAR",TCP,3.3.3.3,60048,4.4.4.4,5551,62981,Potentially Bad Traffic,2,

    I went digging for a change log and could not find one?

    We have custom scripts that parse this output, and I am trying to figure out if I missed something in the config or something really changed between the packages.

    Thanks,
    Lee
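
For scripts that have to read both layouts shown in the post, a parser can normalize the multi-line block and the comma-separated line into the same record. This is an added example, not code from the poster or from the Snort package; the CSV column names are assumptions inferred from the field positions in the sample line, and the sample text is copied from the post.

```python
import csv
import re

# Column names are an assumption, inferred from field positions in the post's CSV line.
CSV_FIELDS = ["timestamp", "gid", "sid", "rev", "msg", "proto", "src", "sport",
              "dst", "dport", "ip_id", "classification", "priority"]
TS = r"\d\d/\d\d-\d\d:\d\d:\d\d\.\d+"
CSV_RE = re.compile(rf"^{TS}\s*,")
# Accepts the marker as shown in the post ("[]") as well as "[**]".
HEADER_RE = re.compile(r"^\[(?:\*\*)?\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[(?:\*\*)?\]$")
CLASS_RE = re.compile(r"^\[Classification:\s*(.*?)\]\s*\[Priority:\s*(\d+)\]")
ADDR_RE = re.compile(rf"^({TS})\s+(\S+)\s+->\s+(\S+)$")
IPHDR_RE = re.compile(r"^(\S+)\s+TTL:\d+.*?\bID:(\d+)")

# The two alert samples from the post, verbatim.
SAMPLE = '''[] [122:5:1] PSNG_TCP_FILTERED_PORTSCAN []
[Classification: Attempted Information Leak] [Priority: 2]
08/15-18:34:57.787598 1.1.1.1 -> 2.2.2.2
PROTO:255 TTL:118 TOS:0x0 ID:2 IpLen:20 DgmLen:167 DF

09/06-18:44:06.877103 ,119,14,1,"(http_inspect) NON-RFC DEFINED CHAR",TCP,3.3.3.3,60048,4.4.4.4,5551,62981,Potentially Bad Traffic,2,
'''

def _endpoint(ep):
    # "1.1.1.1:80" -> ("1.1.1.1", "80"); without a port, as in the post -> (ep, "")
    host, sep, port = ep.rpartition(":")
    return (host, port) if sep and port.isdigit() and ":" not in host else (ep, "")

def parse_alerts(text):
    """Return one dict per alert, whichever of the two layouts each alert uses."""
    alerts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if CSV_RE.match(line):                      # one alert per CSV line
            row = next(csv.reader([line]))          # csv handles the quoted message
            alerts.append(dict(zip(CSV_FIELDS, (c.strip() for c in row))))
            cur = None
        elif (m := HEADER_RE.match(line)):          # first line of a multi-line block
            cur = dict(zip(("gid", "sid", "rev", "msg"), m.groups()))
            alerts.append(cur)
        elif cur is not None and (m := CLASS_RE.match(line)):
            cur["classification"], cur["priority"] = m.groups()
        elif cur is not None and (m := ADDR_RE.match(line)):
            cur["timestamp"] = m[1]
            cur["src"], cur["sport"] = _endpoint(m[2])
            cur["dst"], cur["dport"] = _endpoint(m[3])
        elif cur is not None and (m := IPHDR_RE.match(line)):
            cur["proto"], cur["ip_id"] = m.groups()
    return alerts
```

Calling `parse_alerts(SAMPLE)` returns two records with the same keys, so downstream code can stop caring which layout produced them.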
