Snort mailing list archives
Snort, MySQL, Acid
From: "Redman, Ken" <ken.redman () mssm edu>
Date: Fri, 3 May 2002 10:49:44 -0400
This question is more of a database questions, but it is reliant on the way Snort populates the data in MySQL. I have: MySQL-3.23.49a-1 Snort-1.8.6 Acid-0.9.6b21 Redhat 7.2 with all Bugfixes and security patches up to date. I have put in a rule to ignore the IP address that I do all my Pen-testing from. However, 80% of all alerts in MySQL/Acid are from my one IP address. Therefore I want to remove all instances of those entries from MySQL and Acid. Is this is possible "How do I do this?" and will I end up corrupting the MySQL? Thanks in advance for any light than can be shed on this. Ken
Current thread:
- RE: Snort, MySQL, Acid Tom Sevy (May 03)
- <Possible follow-ups>
- Snort, MySQL, Acid Redman, Ken (May 03)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- Re: Snort, MySQL, Acid Anton A. Chuvakin (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 06)
- Re: Snort, MySQL, Acid Tim Sailer (May 03)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- Re: Snort, MySQL, Acid Ian Macdonald (May 07)
- RE: Snort, MySQL, Acid Whaley, Mike (May 06)
- RE: Snort, MySQL, Acid Whaley, Mike (May 07)
- snort, mysql, acid C White (Jun 13)