Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Ignored x duplicate alerts (ACID, MySQL, Snort)

From: "Ron Shuck" <rshuck () Buchanan com>
Date: Thu, 12 Jun 2003 14:39:19 -0500
Hi All,

A while back Jason Thompson posted a question about duplicate records in
snort_archive due to snort starting the cid over if all records were
removed.

Does anyone know if 2.0 fixes this with the last_cid field in
snort.sensor? There has to be a better way to keep Snort from starting
the cid over than always keeping a record in the snort db. I archive all
alert after I have dealt with them, so I strive to clear the regular
snort db.

Any help would be greatly appreciated.


Thanks, 

Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant 
Buchanan Associates - A Technology Company in the People Business 


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: