[Bro] doubt regarding notice alarm always

kanthi myneni kanthimyneni at gmail.com
Wed Nov 14 07:40:52 PST 2007


Hi,

I started a server on the machine (system 1) where Bro is running. I
tried to access it from another system (system 2).

I observed that it is logged as notice alarm always, like:

t=1195051259.323269 no=HTTP_SensitiveURI na=NOTICE_ALARM_ALWAYS
sa=157.182.235.186 da=157.182.235.207 method=GET url=/icons/blank.gif
msg=157.182.235.186\ ->\ 157.182.235.207\ %232:\ <no\ reply>

t=1195051259.323269 no=HTTP_SensitiveURI na=NOTICE_ALARM_ALWAYS
sa=157.182.235.186 da=157.182.235.207 method=GET url=/icons/folder.gif
msg=157.182.235.186\ ->\ 157.182.235.207\ %232:\ <no\ reply>

Here system 1 is 157.182.235.207 and system 2 is 157.182.235.186.

A few questions regarding the above data:

1. On what basis is it logged as notice alarm always?

2. I think t stands for time... can I know in what format it is logged?

3. msg=157.182.235.186\ ->\ 157.182.235.207\ %232: in this message,
what is %232? Is that a session id?

4. I am getting 2 different URLs, like url=/icons/folder.gif and
url=/icons/blank.gif. Why is it logging so?

Sorry to take your valuable time.

Thanks & Regards,
Kanthi.
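
Added example (not part of the original post and not Bro's own code): a small Python parser for the tag=value notice lines quoted above, run over the two records from the post. It assumes that a backslash before a space escapes that space inside a value and that t is Unix epoch seconds; %232 is left exactly as logged. The function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# The two records from the post, with the mail client's line wraps rejoined.
SAMPLE = [
    r"t=1195051259.323269 no=HTTP_SensitiveURI na=NOTICE_ALARM_ALWAYS "
    r"sa=157.182.235.186 da=157.182.235.207 method=GET url=/icons/blank.gif "
    r"msg=157.182.235.186\ ->\ 157.182.235.207\ %232:\ <no\ reply>",
    r"t=1195051259.323269 no=HTTP_SensitiveURI na=NOTICE_ALARM_ALWAYS "
    r"sa=157.182.235.186 da=157.182.235.207 method=GET url=/icons/folder.gif "
    r"msg=157.182.235.186\ ->\ 157.182.235.207\ %232:\ <no\ reply>",
]

# Assumption: a value ends at the first space not preceded by a backslash.
FIELD = re.compile(r"(\w+)=((?:\\.|[^\\\s])*)")

def parse_notice(line):
    """Split one record into a dict of tag -> unescaped value."""
    rec = {tag: re.sub(r"\\(.)", r"\1", raw) for tag, raw in FIELD.findall(line)}
    if "t" in rec:
        # Assumption: t is Unix epoch seconds with a microsecond fraction.
        secs, _, frac = rec["t"].partition(".")
        when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
        rec["time_utc"] = when.replace(microsecond=int(frac.ljust(6, "0")[:6]))
    return rec

def urls_by_notice(lines):
    """Group requested URLs by (notice type, source, destination)."""
    groups = defaultdict(list)
    for rec in map(parse_notice, lines):
        groups[(rec.get("no"), rec.get("sa"), rec.get("da"))].append(rec.get("url"))
    return dict(groups)

if __name__ == "__main__":
    for rec in map(parse_notice, SAMPLE):
        print(rec["time_utc"].isoformat(), rec["na"], rec["url"], "|", rec["msg"])
    print(urls_by_notice(SAMPLE))
```

Each quoted record parses to one GET request, so the two URLs appear as two entries under the same notice type and address pair.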


