Column headers for downloaded Snort alert logs
-
Does anyone know what each column represents in the alert file (when you select Download from the Snort alerts page)
It looks to me like it is (from left to right):
Date
first part of SID
second part of SID
? - Not sure what this is
Description
Proto
Source
SPort
Destination
DPort
? - Not sure what this is
Class
? - Not sure what this isIf anyone can fill in the blanks on those three columns I haven't identified (or correct anything else I have wrong) it would be much appreciated.
-
Date
GID
SID#
SID version
Description
Proto
Source
SPort
Destination
DPort
Class
Class Priority -
Thanks fsansfil, that looks good, but it looks like there might be one more column.
Between the DPort and Class columns I have a column with large numbers. These numbers don't appear in the Alerts in the GUI, so I am having a hard time matching them up.
Any help would be appreciated.
-
Thanks fsansfil, that looks good, but it looks like there might be one more column.
Between the DPort and Class columns I have a column with large numbers. These numbers don't appear in the Alerts in the GUI, so I am having a hard time matching them up.
Any help would be appreciated.
That is the IP Header ID field.
Bill
