Dear Members,

I have started using psad with fwsnort and it is awesome!

I have received alerts, but they are not clear to me as they did not include the msg: field for the description.

Right now I have to manually open up to search for SID2013222 to figure out what it is.

Is there any way we could include the info?

Thank you!

=-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=

         Danger level: [1] (out of 5)

    Scanned TCP ports: [55016: 3 packets]
            TCP flags: [ACK: 3 packets]
       iptables chain: FWSNORT_FORWARD_ESTAB (*prefix "[929] SID2013222 ESTAB"*), 3 packets
         fwsnort rule: 929

               Source: xxxxx
                  DNS: xxxxxx

          Destination: xxxxx
                  DNS: [No reverse dns info available]

   Overall scan start: Mon Oct 15 20:16:16 2012
   Total email alerts: 7
   Complete TCP range: [24722-55016]
      Syslog hostname: bgp2

         Global stats: chain:   interface:   TCP:   UDP:   ICMP:
                       FORWARD  bond2        4      0      0

[+] Whois Information (source IP):
Unknown AS number or IP network. Please upgrade this program.

=-=-=-=-=-=-=-=-=-=-=-= Mon Oct 15 20:16:52 2012 =-=-=-=-=-=-=-=-=-=-=-=

psad-discuss mailing list
