Weird protocol fields
This reference describes the various protocol fields that can appear in intrusion detection logs, including rule identifiers, messages, transport protocols, and inspector modules.
| Field | Description |
|---|---|
| gid | The GID of the intrusion rule that triggered the log. This value is collected and displayed even if the rule is disabled. |
| msg | The message associated with the intrusion rule that triggered the log. This field provides a description of why the flow was logged. |
| proto | The transport layer protocol associated with the event, for example, IP, ICMP, TCP, or UDP. |
| sid | The SID of the intrusion rule that triggered the log. This value is collected and displayed even if the rule is disabled. |
| source | The name of the inspector module that was assigned to process the flow. This identifies the specific component within Snort that detected the anomaly. The module name appears similar to the one used in the Network Analysis Policy. |