Snort mailing list archives
Re: Snort, MySQL, Acid
From: Tim Sailer <sailer () bnl gov>
Date: Fri, 3 May 2002 11:18:01 -0400
On Fri, May 03, 2002 at 10:49:44AM -0400, Redman, Ken wrote:
I have put in a rule to ignore the IP address that I do all my Pen-testing from. However, 80% of all alerts in MySQL/Acid are from my one IP address. Therefore I want to remove all instances of those entries from MySQL and Acid. Is this is possible "How do I do this?" and will I end up corrupting the MySQL?
I think the easiest way, since you have ACID, is to query on your IP address in ACID, and then tell it to delete the whole query. It will clean up nicely. Tim -- Tim Sailer <sailer () bnl gov> Brookhaven National Laboratory (631) 344-3001 _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Snort, MySQL, Acid Tom Sevy (May 03)
- <Possible follow-ups>
- Snort, MySQL, Acid Redman, Ken (May 03)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- Re: Snort, MySQL, Acid Anton A. Chuvakin (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- RE: Snort, MySQL, Acid Whaley, Mike (May 07)
- snort, mysql, acid C White (Jun 13)