Snort mailing list archives

ACID with 2 archive databases?


From: Michael <snorter () gmx net>
Date: Tue, 7 Jan 2003 15:30:31 +0100 (MET)

Hi,

I'm using Snort 1.9.0 with ACID v0.9.6b22. I created an archive database and
use the ACID function to move the true alerts to the archive. All my charts
and history come from the archive database. The false positives stay in the
snort database, because I don't want to delete them. Sometimes I'm not sure
if an alert is a false positive, and sometimes I need to check an old alert
a second time.

The problem is that we sometimes have more than one person working on the
alerts in the snort database. And that is very difficult with thousands of
old alerts in this database.

Is it possible to use ACID with a second archive database (archive2) where
we can move the false positives to? So that we have a snort database with
only the new, unexamined alerts. We want to move the true alerts to the
archive1 database and the false positives to the archive2 database.

Has anyone done something like this or have a need for it too?

Any ideas?

Thanks for your help,
Michael
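As an added illustration (not from the original post, and not ACID's own code) of what "move to archive2" amounts to at the database level: ACID's archive (move) action copies an alert's rows, keyed by (sid, cid), from each per-alert table into the one database named by $archive_dbname and then deletes them from the working database. The same sequence can be pointed at a second database by hand. This assumes MySQL, that snort, archive1 and archive2 were all created from the same Snort 1.9 create_mysql schema, and placeholder sid/cid values for the alert being moved.

```sql
-- Constructed example: route one false positive to archive2 (MySQL syntax).
-- Assumes all three databases share the Snort 1.9 schema, so every
-- per-alert table is keyed by (sid, cid).
SET @sid = 1;        -- placeholder: sensor id of the alert
SET @cid = 4711;     -- placeholder: event id of the alert on that sensor

BEGIN;               -- only atomic if the tables are InnoDB, not MyISAM

-- The alert's sensor and signature rows must exist in the destination
-- with the same sid / sig_id, or the copied event row points at nothing.
INSERT IGNORE INTO archive2.sensor
  SELECT * FROM snort.sensor WHERE sid = @sid;
INSERT IGNORE INTO archive2.signature
  SELECT s.* FROM snort.signature s
  JOIN snort.event e ON e.signature = s.sig_id
  WHERE e.sid = @sid AND e.cid = @cid;

-- Copy the per-alert rows. Not every alert has every table
-- (an ICMP alert has no tcphdr row), so an empty copy is harmless.
INSERT INTO archive2.event   SELECT * FROM snort.event   WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.iphdr   SELECT * FROM snort.iphdr   WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.tcphdr  SELECT * FROM snort.tcphdr  WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.udphdr  SELECT * FROM snort.udphdr  WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.icmphdr SELECT * FROM snort.icmphdr WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.opt     SELECT * FROM snort.opt     WHERE sid = @sid AND cid = @cid;
INSERT INTO archive2.data    SELECT * FROM snort.data    WHERE sid = @sid AND cid = @cid;

-- Remove it from the working database so only unexamined alerts remain there.
DELETE FROM snort.data    WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.opt     WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.icmphdr WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.udphdr  WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.tcphdr  WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.iphdr   WHERE sid = @sid AND cid = @cid;
DELETE FROM snort.event   WHERE sid = @sid AND cid = @cid;

COMMIT;
```

ACID's acid_event and acid_ip_cache tables in the snort database still reference the moved alert afterwards, so regenerate the cache from ACID's maintenance page. True alerts go to archive1 the same way, or through ACID's built-in archive action, which only knows one archive database.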
