IDS-Log interpretation
Verfasst: Fr 11.05.2007, 18:02
First you need the signature-id (SID). If the ids-message is something like:
now go to http://www.snort.org/pub-bin/sigs-search.cgi and use the formular to find some information for the ids-message
122-1 is the number you needMay 11 17:50:12 192.168.4.233 IDS Engine [1141]: [122:1:0] (portscan) TCP Portscan {PROTO255} 192.168.4.91 -> 192.168.4.233
now go to http://www.snort.org/pub-bin/sigs-search.cgi and use the formular to find some information for the ids-message