RE: Snort, MySQL, Acid

[Tom Sevy <tsevy () epx com>]

Did you try a BPF filter?

-----Original Message-----
From: Redman, Ken [mailto:ken.redman () mssm edu] 
Sent: Friday, May 03, 2002 10:50 AM
To: Snort Users List (E-mail)
Subject: [Snort-users] Snort, MySQL, Acid


This question is more of a database questions, but it is reliant on the way
Snort populates the data in MySQL.

I have:

MySQL-3.23.49a-1

Snort-1.8.6 

Acid-0.9.6b21

Redhat 7.2 with all Bugfixes and security patches up to date.

I have put in a rule to ignore the IP address that I do all my Pen-testing
from. However, 80% of all alerts in MySQL/Acid are from my one IP address.
Therefore I want to remove all instances of those entries from MySQL and
Acid. Is this is possible "How do I do this?" and will I end up corrupting
the MySQL?

Thanks in advance for any light than can be shed on this.

Ken


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users