I receive the following IDS log from Snort:
I'd like to create a trigger when I receive Priority: 1 messages, but I can't use the .str parameter because it doesn't accept spaces.
Can anyone help?
Thanks.
Code:
[2006.Jul.05 09:04:15] - - Non classificato 07/05-09:04:19.598525 [**] [1:1852:3] WEB-MISC robots.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 72.30.133.209:36364 -> 81.29.232.53:80
[2006.Jul.05 09:03:44] - - Non classificato 07/05-09:03:32.401496 [**] [1:895:7] WEB-CGI redirect access [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 81.29.232.55:1364 -> 81.29.232.53:80
[2006.Jul.05 08:57:11] - - Non classificato 07/05-08:57:07.534785 [**] [1:1852:3] WEB-MISC robots.txt access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 68.142.250.31:48301 -> 81.29.232.53:80
[2006.Jul.05 08:51:08] - - Non classificato 07/05-08:51:04.197855 [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 61.188.39.6:1032 -> 81.29.232.49:1434
[2006.Jul.05 08:51:08] - - Non classificato 07/05-08:51:04.197855 [**] [1:2004:7] MS-SQL Worm propagation attempt OUTBOUND [**] [Classification: Misc Attack] [Priority: 2] {UDP} 61.188.39.6:1032 -> 81.29.232.49:1434
[2006.Jul.05 08:51:08] - - Non classificato 07/05-08:51:04.197855 [**] [1:2050:8] MS-SQL version overflow attempt [**] [Classification: Misc activity] [Priority: 3] {UDP} 61.188.39.6:1032 -> 81.29.232.49:1434
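One way to pick out only Priority 1 alerts from log lines in the format shown above, as an added example that is not part of the original post: it parses the priority as a number, so a line with `Priority: 10` is not mistaken for `Priority: 1`. The function names and the two sample lines marked as constructed are assumptions for illustration.

```python
import re

# Alert layout as it appears in the log above:
# [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        alert[key] = int(alert[key])
    return alert

def high_priority(lines, threshold=1):
    """Return alerts with priority <= threshold (1 is the most severe in Snort)."""
    hits = []
    for line in lines:
        alert = parse_alert(line)
        if alert is not None and alert["priority"] <= threshold:
            hits.append(alert)
    return hits

SAMPLE = [
    # Two lines taken from the log above (Priority 2 and 3).
    "[2006.Jul.05 09:03:44] - - Non classificato 07/05-09:03:32.401496 [**] [1:895:7] WEB-CGI redirect access [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 81.29.232.55:1364 -> 81.29.232.53:80",
    "[2006.Jul.05 08:51:08] - - Non classificato 07/05-08:51:04.197855 [**] [1:2050:8] MS-SQL version overflow attempt [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 61.188.39.6:1032 -> 81.29.232.49:1434",
    # Constructed lines (not from the post): one Priority 1, one Priority 10.
    "[2006.Jul.05 09:10:00] - - Non classificato 07/05-09:10:01.000001 [**] [1:1000001:1] EXAMPLE constructed alert [**] "
    "[Classification: Constructed sample] [Priority: 1] {TCP} 192.0.2.10:4444 -> 198.51.100.5:80",
    "[2006.Jul.05 09:11:00] - - Non classificato 07/05-09:11:01.000001 [**] [1:1000002:1] EXAMPLE constructed alert [**] "
    "[Classification: Constructed sample] [Priority: 10] {TCP} 192.0.2.10:4445 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    for a in high_priority(SAMPLE):
        print(a["priority"], a["sid"], a["msg"], a["src"], "->", a["dst"])
```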