Snort mailing list archives

Re: Snort, MySQL, Acid

From: Tim Sailer <sailer () bnl gov>
Date: Fri, 3 May 2002 11:18:01 -0400

On Fri, May 03, 2002 at 10:49:44AM -0400, Redman, Ken wrote:

I have put in a rule to ignore the IP address that I do all my Pen-testing from. However, 80% of all alerts in 
MySQL/Acid are from my one IP address. Therefore I want to remove all instances of those entries from MySQL and Acid. 
Is this is possible "How do I do this?" and will I end up corrupting the MySQL?


I think the easiest way, since you have ACID, is to query on your IP
address in ACID, and then tell it to delete the whole query. It will
clean up nicely.

Tim

-- 
Tim Sailer <sailer () bnl gov> 
Brookhaven National Laboratory  (631) 344-3001

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Snort, MySQL, Acid Tom Sevy (May 03)
- <Possible follow-ups>
- Snort, MySQL, Acid Redman, Ken (May 03)
  - Re: Snort, MySQL, Acid Tim Sailer (May 03)
    - Re: Snort, MySQL, Acid Anton A. Chuvakin (May 06)
    - Re: Snort, MySQL, Acid Tim Sailer (May 06)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
  - Re: Snort, MySQL, Acid Ian Macdonald (May 07)
    - Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- RE: Snort, MySQL, Acid Whaley, Mike (May 07)
- snort, mysql, acid C White (Jun 13)