Snort mailing list archives
RE: ACID with 2 archive databases?
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 7 Jan 2003 08:18:31 -0700
What I have done is this: I first create the main ACID database and define an archive database in the second section of the acid_conf.php file. In the second file I use the archive database as the primary ACID database and then define a second archive database as the archive for the archive. Does that make sense?

-----Original Message-----
From: Michael [mailto:snorter () gmx net]
Sent: Tuesday, January 07, 2003 7:31 AM
To: snort-users () sourceforge net
Subject: [Snort-users] ACID with 2 archive databases?

Hi,

I'm using Snort 1.9.0 with ACID v0.9.6b22. I created an archive database and use the ACID function to move the true alerts to the archive. All my charts and history come from the archive database. The false positives stay in the snort database, because I don't want to delete them. Sometimes I'm not sure if an alert is a false positive and sometimes I need to check an old alert a second time.

The problem is that we sometimes have more than one person working on the alerts in the snort database. And that is very difficult with thousands of old alerts in this database.

Is it possible to use ACID with a second archive database (archive2) where we can move the false positives to? So that we've a snort database with only the new, unexamined alerts. We want to move the true alerts to the archive1 database and the false positives to the archive2 database.

Has anyone done something like this or have a need for it too? Any ideas?

Thanx for your help,
Michael

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
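The chained setup described in the reply at the top of this message, written out as an added example (it is not part of the original messages or of the ACID distribution). It assumes two copies of ACID in the hypothetical directories acid/ and acid-archive/, databases named snort, archive1 and archive2 on one MySQL host, and placeholder credentials; the variable names are those used in ACID's acid_conf.php.

```php
<?php
// Added example: the two sections below are the database settings of two
// SEPARATE acid_conf.php files, shown together for comparison.
// Paths, host and credentials are assumptions, not values from the thread.

// ---- File 1: acid/acid_conf.php (main console, new alerts) ----
$DBtype = "mysql";

// Alert DB: the database Snort logs into.
$alert_dbname   = "snort";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "acid";        // placeholder account
$alert_password = "CHANGE_ME";   // placeholder

// Archive DB: target of ACID's "move to archive" action in this console.
$archive_dbname   = "archive1";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "acid";
$archive_password = "CHANGE_ME";

// ---- File 2: acid-archive/acid_conf.php (second console) ----
// The first console's archive becomes this console's primary database,
// so alerts already in archive1 can be browsed and archived again.
$alert_dbname   = "archive1";
$alert_host     = "localhost";
$alert_port     = "";
$alert_user     = "acid";
$alert_password = "CHANGE_ME";

// "The archive for the archive": alerts moved from archive1 end up here.
$archive_dbname   = "archive2";
$archive_host     = "localhost";
$archive_port     = "";
$archive_user     = "acid";
$archive_password = "CHANGE_ME";
?>
```

With this layout an alert reaches archive2 only by passing through archive1 first, so the second move is done from the acid-archive/ console.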