[Snort-users] About IDMEF XML

From: lucy lee (kidlucy88@yahoo.com)
Date: Sun Apr 13 2003 - 21:14:31 CDT


Hi,
  I run snort(snort-1.9.0-idmef-1.1) in debug state
and get some messages:
 IDMEF: IDMEF output facility = alert
 IDMEF: IDMEF XML dtd = idmef-message.dtd
 IDMEF: IDMEF analyzerid = IDS1
 IDMEF: Indented output: true
 IDMEF: IDS alert_id file = /var/log/alert_id_num
 IDMEF: Done parsing args
 getStoredAlertID: Stored alert ID not found in
/var/log/alert_id_num, continuing with alert ID = 1
 idmef: No stored alert id. Continuing with alert id
= 1
!!!!!!!1334 Snort rules read...
1334 Option Chains linked into 147 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order:
->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
IDMEF(): Unknown caller type, returning
IDMEF(): Unknown caller type, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
IDMEF(): not an IDMEF rule, returning
Segmentation fault
  Now alert_id_number is more (in /var/log), while
alert_id_num is empty. idmef-messages.log is empty
too.
  What am I doing wrong?
  BTW, I configured snort with the options --enable-idmef
--enable-debug --with-libxml2-includes=dir1
--with-libidmef-includes=dir2
--with-libntp-libraries=dir3,
      configured libidmef with the options --enable-debug
--with-libxml2-includes=dir1,
      and the rules are modified by append_idmef.pl (provided
by idmef-xml-plugin-0.2.2.tar.gz).
     Any reply is welcome and appreciated.

Lucy

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
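For readers trying to work out what the plugin should have left behind, here is an added example (not Snort, libidmef or idmef-xml-plugin code) that does the two things the debug output above refers to: it keeps a persistent alert-id counter in a file, starting at 1 when the file is missing or empty, and it serializes a Snort-style alert as an IDMEF 1.0 message (RFC 4765 layout, DOCTYPE pointing at idmef-message.dtd, analyzerid="IDS1", NTP-format CreateTime). The exact element layout and counter-file format the real plugin uses are not on the page, so those are assumptions; the sample alert, the reference URL and the counter file name under a temporary directory are constructed for the example. The counter is written atomically (write to a temp file, then rename) so that a crash mid-run cannot leave an empty id file behind.

```python
"""Added example: IDMEF 1.0 alert generation with a persistent alert-id
counter.  Not Snort or libidmef code; element layout and file format
are assumptions based on RFC 4765, not on the plugin's sources."""
import os
import tempfile
import time
import xml.etree.ElementTree as ET

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01
XML_HEADER = ('<?xml version="1.0"?>\n'
              '<!DOCTYPE IDMEF-Message SYSTEM "idmef-message.dtd">\n')


def read_alert_id(path):
    """Stored id from the counter file, or 1 when the file is missing or
    empty (the 'Stored alert ID not found ... alert ID = 1' case)."""
    try:
        with open(path) as fh:
            text = fh.read().strip()
    except FileNotFoundError:
        return 1
    return int(text) if text.isdigit() else 1


def write_alert_id(path, alert_id):
    """Persist the next id atomically so a crash cannot leave an empty file."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write("%d\n" % alert_id)
    os.replace(tmp, path)


def ntpstamp(unix_time):
    """IDMEF ntpstamp: 32-bit seconds since 1900 and 32-bit fraction, in hex."""
    secs = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time - int(unix_time)) * (1 << 32)) & 0xFFFFFFFF
    return "0x%08x.0x%08x" % (secs, frac)


def build_alert(alert, analyzerid, alert_id, unix_time):
    """Serialize one Snort-style alert dict as an IDMEF-Message document."""
    root = ET.Element("IDMEF-Message", version="1.0")
    msg = ET.SubElement(root, "Alert", messageid=str(alert_id))
    ET.SubElement(msg, "Analyzer", analyzerid=analyzerid, model="Snort")
    ct = ET.SubElement(msg, "CreateTime", ntpstamp=ntpstamp(unix_time))
    ct.text = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(unix_time))
    # Source and Target share the same Node/Address + Service shape.
    for tag, host, port in (("Source", alert["src"], alert["sport"]),
                            ("Target", alert["dst"], alert["dport"])):
        ep = ET.SubElement(msg, tag)
        addr = ET.SubElement(ET.SubElement(ep, "Node"), "Address",
                             category="ipv4-addr")
        ET.SubElement(addr, "address").text = host
        ET.SubElement(ET.SubElement(ep, "Service"), "port").text = str(port)
    cls = ET.SubElement(msg, "Classification", text=alert["msg"])
    ref = ET.SubElement(cls, "Reference", origin="vendor-specific")
    ET.SubElement(ref, "name").text = "sid %d" % alert["sid"]
    ET.SubElement(ref, "url").text = "http://www.snort.org/"  # assumed
    return XML_HEADER + ET.tostring(root, encoding="unicode")


def emit(alerts, counter_path, analyzerid="IDS1", unix_time=None):
    """Emit one IDMEF document per alert, advancing the stored counter
    after every alert so ids stay unique across restarts."""
    if unix_time is None:
        unix_time = time.time()
    alert_id = read_alert_id(counter_path)
    docs = []
    for alert in alerts:
        docs.append(build_alert(alert, analyzerid, alert_id, unix_time))
        alert_id += 1
        write_alert_id(counter_path, alert_id)
    return docs


# Constructed sample alert; not taken from the post.
SAMPLE_ALERTS = [
    {"sid": 1000001, "msg": "EXAMPLE probe", "src": "192.0.2.10",
     "sport": 40123, "dst": "192.0.2.20", "dport": 80},
]


def demo(tmpdir=None):
    """Run twice against an initially absent counter file and return
    (first_id, second_id, first_document) to show the id persisting."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    path = os.path.join(tmpdir, "alert_id_num")  # assumed file name
    first = emit(SAMPLE_ALERTS, path, unix_time=1050286471)
    second = emit(SAMPLE_ALERTS, path, unix_time=1050286471)
    ids = [ET.fromstring(d[len(XML_HEADER):]).find("Alert").get("messageid")
           for d in (first[0], second[0])]
    return int(ids[0]), int(ids[1]), first[0]


if __name__ == "__main__":
    print(demo()[2])
```

Running the block prints the first document; a second run in the same directory would start at id 3, which is the behaviour to expect from a counter file that is being updated. An empty counter file, as in the post, reads back as id 1 here rather than failing.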