Snort mailing list archives

How can I remove redundant entries from the database?


From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Mon, 10 Nov 2014 17:37:06 +0000

I’m using Barnyard2 to send alerts to a PostgreSQL database. As you all know, one alert could actually be hundreds, or
even thousands of events in the database. Is there a script available that removes redundant alerts from the database 
based on iphdr.ip_src, iphdr.ip_dst and event.sid, event.signature and leaves the original based on event.cid?


Thanks,
Avery
