Snort mailing list archives
How can I remove redundant entries from the database?
From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Mon, 10 Nov 2014 17:37:06 +0000

I’m using Barnyard2 to send alerts to a PostgreSQL database. As you all know one alert could actually be hundreds, or even thousands of events in the database. Is there a script available that removes redundant alerts from the database based on iphdr.ip_src, iphdr.ip_dst and event.sid, event.signature and leaves the original based on event.cid?

Thanks,
Avery