#14 Event description "n/a"

open
nobody
None
5
2007-11-14
2007-11-14
ef2007
No

When a similar event (type information, id 1, source Snort, user n/a) is logged on the Application event log of a monitored server:

The description for Event ID ( 1 ) in Source ( snort ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: [122:17:0] (portscan) UDP Portscan[Priority: 3]: {PROTO:255} aaa.bbb.ccc.ddd -> eee.fff.ggg.hhh

Sbelm doesn't show Event category (blank), Event user (blank), nor description (n/a), only date/time, Event ID (1) and Source (snort), so every alert filter based on event description fails.

The same occurs with similar events from different sources than snort (every time the description is similar).

Thanks
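Added example, not part of the ticket and not Sbelm's code: a sketch of how a log monitor could recover filterable text when Windows returns the "description cannot be found" fallback, by taking the event data after the marker sentence and parsing the Snort alert in it. The function names are hypothetical, the field layout is inferred from the single message quoted above, and the sample uses constructed documentation-range addresses.

```python
import re

# Sentence Windows emits before the raw event data when no message DLL is registered.
FALLBACK_MARKER = "The following information is part of the event:"

# Layout seen in the ticket: [gid:sid:rev] message[Priority: n]: {PROTO:n} src -> dst
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s*"
    r"(?P<msg>.*?)\s*\[Priority:\s*(?P<priority>\d+)\]:?\s*"
    r"\{PROTO:(?P<proto>\d+)\}\s*"
    r"(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
)

def insertion_text(description):
    """Return the raw event data after the fallback marker, or None if absent."""
    if not description:
        return None
    _, marker, tail = description.partition(FALLBACK_MARKER)
    return tail.strip() if marker else None

def parse_snort_event(description):
    """Recover Snort alert fields from a normal or fallback description."""
    text = insertion_text(description) or description or ""
    m = ALERT_RE.search(text)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "priority", "proto"):
        fields[key] = int(fields[key])
    return fields

def matches_filter(description, keyword):
    """Description-based filter that also works on the fallback text."""
    text = insertion_text(description) or description or ""
    return keyword.lower() in text.lower()

# Constructed sample: the ticket's message with documentation-range addresses.
SAMPLE = (
    "The description for Event ID ( 1 ) in Source ( snort ) cannot be found. "
    "The local computer may not have the necessary registry information or "
    "message DLL files to display messages from a remote computer. "
    "The following information is part of the event: [122:17:0] (portscan) "
    "UDP Portscan[Priority: 3]: {PROTO:255} 192.0.2.10 -> 198.51.100.7"
)

if __name__ == "__main__":
    print(parse_snort_event(SAMPLE))
```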
