Snort mailing list archives
RE: (no subject)
From: Steve Halligan <agent33 () geeksquad com>
Date: Mon, 17 Sep 2001 15:41:28 -0500
When I look at my default snort view screen I see TCP, UDP, ICMP, etc....
traffic.
How can I erase all of this and start clean?
I want to move my sensor to another subnet but want to clear out the old
data....
Kenny
I'm using acid v0.9.6b6 for windows 2000

1) Get a newer version of Acid. That one is quite old.

2) Since you want to remove all of the old alerts from the database, why don't you just leave the old one, and create a new database called snort_new or something?

3) Newer versions of Acid allow the archiving of alerts. You need to create a new database (e.g. snort_archive) to archive into. Then you run a query, or tell acid to list all alerts if you want to archive all of them. Once you are looking at the alert display, go to the bottom of the page and select archive alerts. You can select specific alerts, all on page, or entire query. The script may time out if you select entire query, but you can either increase the max script run time, or just run the action over again until all the alerts are archived.

_steve