next up previous contents
Next: Unified2 IDS Event IP6 Up: Unified2 File Format Previous: Unfied2 IDS Event IP6   Contents

Unfied2 IDS Event (Version 2) 

    sensor id               4 bytes
    event id                4 bytes
    event second            4 bytes
    event microsecond       4 bytes
    signature id            4 bytes
    generator id            4 bytes
    signature revision      4 bytes
    classification id       4 bytes
    priority id             4 bytes
    ip source               4 bytes
    ip destination          4 bytes
    source port/icmp type   2 bytes
    dest. port/icmp code    2 bytes
    protocol                1 byte
    impact flag             1 byte
    impact                  1 byte
    blocked                 1 byte
    mpls label              4 bytes
    vlan id                 2 bytes
    padding                 2 bytes

Unified2 IDS Event (Version 2) are logged for IPv4 packets which contain either MPLS or VLAN headers. Otherwise a Unified2 IDS Event is logged.

Note:  
  • Note that you'll need to pass -enable-mpls to configure in order to have Snort fill in the mpls label field.

  • Note that you'll need to configure unified2 logging with either mpls_event_types or vlan_event_types to get this record type.


Eugene Misnik 2013-05-08