firnsy / barnyard2

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
GNU General Public License v2.0

Datestamp format change for Syslog_full output #189

Open sniglet opened 8 years ago

sniglet commented 8 years ago

Syslog output was functioning properly, sending output to SIEM:

Mar 14 15:12:00 UKB1-1PSEAP01 snort[31915]: [1:6700:19] FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 17.253.37.202:80 -> 10.166.171.58:49311

Updated infrastructure to 2.1.14 (Build 337) has Syslog output looking like:

2016-03-14T09:55:31Z SAV1-1PSEAP01 [125:6:1] ftp_pp: FTP response length overflow [Classification: Attempted User Privilege Gain] [Priority: 1]: {TCP} 10.120.2.75:2100 -> 10.201.32.60:30573

Which is arguably more correct (and avoids Y2K-like bugs), but breaks input to SIEM.
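As an added example (not part of this issue and not barnyard2's own code), here is a small Python parser that accepts Snort/barnyard2 syslog alert lines in both datestamp styles quoted above and normalizes them to one aware timestamp, so a SIEM ingest pipeline keeps working across the version change. The two sample lines are the ones quoted in the report; everything else (field names, function names, the assumed year and time zone supplied for the old RFC 3164 style, and acceptance of `+HH:MM` offsets as well as `Z`) is my own choice. The example generalizes slightly beyond the page: the old style has no year or zone, so those must be supplied by the caller rather than guessed.

```python
"""Parse barnyard2/Snort syslog alert lines in both the RFC 3164 ("Mar 14 15:12:00")
and ISO 8601 ("2016-03-14T09:55:31Z") datestamp styles, then normalize the timestamp.
Hypothetical example code, not from barnyard2."""
import re
from datetime import datetime, timezone, tzinfo

# The two alert lines quoted in the issue, one in each datestamp style.
SAMPLE_LINES = [
    "Mar 14 15:12:00 UKB1-1PSEAP01 snort[31915]: [1:6700:19] FILE-IMAGE Microsoft Multiple "
    "Products malformed PNG detected tEXt overflow attempt [Classification: Attempted User "
    "Privilege Gain] [Priority: 1] {TCP} 17.253.37.202:80 -> 10.166.171.58:49311",
    "2016-03-14T09:55:31Z SAV1-1PSEAP01 [125:6:1] ftp_pp: FTP response length overflow "
    "[Classification: Attempted User Privilege Gain] [Priority: 1]: {TCP} "
    "10.120.2.75:2100 -> 10.201.32.60:30573",
]

# Old style: month, day (single digit is space-padded), time; no year, no zone.
RFC3164_TS = r"[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}"
# New style: ISO 8601 with a 'Z' or numeric offset (offset support is an assumption).
ISO8601_TS = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})"

ALERT_RE = re.compile(
    rf"^(?P<timestamp>{RFC3164_TS}|{ISO8601_TS})"
    r" (?P<host>\S+)"
    r"(?: (?P<tag>[^\s\[]+)\[(?P<pid>\d+)\]:)?"   # "snort[31915]:" is absent in the new style
    r" \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)"
    r" \[Classification: (?P<classification>[^\]]*)\]"
    r" \[Priority: (?P<priority>\d+)\]:?"        # the new style adds a colon after Priority
    r" \{(?P<proto>[A-Za-z]+)\} (?P<src_ip>[\d.]+):(?P<src_port>\d+)"   # IPv4 only, as on the page
    r" -> (?P<dst_ip>[\d.]+):(?P<dst_port>\d+)$"
)

INT_FIELDS = ("pid", "gid", "sid", "rev", "priority", "src_port", "dst_port")


def parse_alert(line: str):
    """Return a dict of fields for one alert line, or None if the line does not match."""
    m = ALERT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["ts_format"] = "iso8601" if rec["timestamp"][0].isdigit() else "rfc3164"
    return rec


def normalize_timestamp(ts: str, assumed_year: int, assumed_tz: tzinfo = timezone.utc) -> datetime:
    """Turn either datestamp style into a timezone-aware datetime.

    The RFC 3164 style carries neither year nor zone, so the caller must supply
    both (assumed values: typically the collector's year and the sensor's zone)."""
    if ts[0].isdigit():
        return datetime.fromisoformat(ts.replace("Z", "+00:00"))
    # Collapse the space padding of single-digit days before strptime.
    naive = datetime.strptime(f"{assumed_year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=assumed_tz)


def parse_lines(lines, assumed_year: int, assumed_tz: tzinfo = timezone.utc):
    """Parse a batch of lines; each record gets a normalized 'event_time' so downstream
    SIEM rules see one datestamp format regardless of the barnyard2 version."""
    out = []
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue  # in production, route unparsed lines to a dead-letter queue instead
        rec["event_time"] = normalize_timestamp(rec["timestamp"], assumed_year, assumed_tz).isoformat()
        out.append(rec)
    return out


if __name__ == "__main__":
    for rec in parse_lines(SAMPLE_LINES, assumed_year=2016):
        print(rec["event_time"], rec["ts_format"], rec["host"],
              f"[{rec['gid']}:{rec['sid']}:{rec['rev']}]", rec["msg"])
```

The regex makes the `snort[pid]:` tag and the colon after `[Priority: N]` optional, which are the two other differences between the quoted lines besides the datestamp. Normalizing at ingest (rather than rewriting barnyard2's output) keeps detection rules keyed on `event_time` stable while the sensor fleet is upgraded piecemeal.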