Snort mailing list archives

Re: Over 1 Million records in ACID.....

From: Erick Mechler <emechler () techometer net>
Date: Thu, 27 Mar 2003 12:19:23 -0800

:: I got some over 1(one) million records in ACID under one of the
:: classifications.
:: 
:: This is due to the fact that I turned on the rule "sid: 1620; rev: 3; msg:
:: "BAD TRAFFIC Non-Standard IP protocol"; ip_proto: !89; classtype:
:: non-standard-protocol;)". Big mistake!!!!!
:: 
:: Now that I've learned from this mistake, how can I get rid of these records?

I believe there was a script posted to the list earlier this year that
could do just what you need.  It would delete all records during a specific
timeframe with a given SID.  Do a search on the archives and see if you can
find it.

Cheers - Erick


-------------------------------------------------------
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Over 1 Million records in ACID..... Ghercoias, Catalin (Mar 27)
- Re: Over 1 Million records in ACID..... Paul Schmehl (Mar 27)
- Re: Over 1 Million records in ACID..... David E. Gianndrea (Mar 27)
- Re: Over 1 Million records in ACID..... Erick Mechler (Mar 27)
- <Possible follow-ups>
- Re: Over 1 Million records in ACID..... Dusty Hall (Mar 27)
- RE: Over 1 Million records in ACID..... Ghercoias, Catalin (Mar 27)
  - Re: Over 1 Million records in ACID..... David E. Gianndrea (Mar 27)