IDS-Log interpretation

[philipp]

First you need the signature-id (SID). If the ids-message is something like:

May 11 17:50:12 192.168.4.233 IDS Engine [1141]: [122:1:0] (portscan) TCP Portscan {PROTO255} 192.168.4.91 -> 192.168.4.233

122-1 is the number you need

now go to http://www.snort.org/pub-bin/sigs-search.cgi and use the formular to find some information for the ids-message