Re: ACID gives erroneous information

[Erwin Van de Velde <erwin.vandevelde () ua ac be>]

Hi,

No, I haven't deleted any alerts. However, I found something new: all alerts 
in the database that are not in the ACID tables, have no signature, however, 
snort inserted them there....
What does this mean? Are these snort bugs? Or is it something else?

Greetings,
Erwin

On Sunday 29 February 2004 19:41, Josh Berry wrote:
> ACID is just a cache for alerts.  When you delete alerts out of ACID I
> don't believe that it deletes them out of the Snort tables.   Therefore if
> you deleted some alerts out of ACID they will still be in the Snort event
> table and therefore you will see a difference in the amount.
>
> I am not sure about this but I think that is what is happening.



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users