Snort mailing list archives

RE: Too many false positives

From: "Paul Slinski" <pauls () globaliqx com>
Date: Fri, 18 Jan 2002 12:14:56 -0500

Yeah, dumped the whole db and refreshed the tables to empty.

Maybe it's my front-end? Hmm

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Chris Green
Sent: Friday, January 18, 2002 11:48 AM
To: Snort-Users
Subject: Re: [Snort-users] Too many false positives

odd, it looks like your event ids aren't lining up.   Not sure why it
would be doing that.  I'm not familiear enough with snortdb to tell
you what could be causing that.

Have you tried a new database instead of the current one?
-- 
Chris Green <cmg () uab edu>
A watched process never cores.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Too many false positives Paul Slinski (Jan 18)
- Too many false positives - Forgot the screenshot Paul Slinski (Jan 18)
- Re: Too many false positives Chris Green (Jan 18)
  - RE: Too many false positives Paul Slinski (Jan 18)