[Snort-devel] RFE: improving generation of event_ref
dirk at ...972...
Fri Oct 8 04:09:02 EDT 2004
I guess the "cheapest" solution would be to start
with a preset event_id of e.g. the seconds of the
epoch up to now minus a start value like yesterday?
Of course this could result in collisions if you restart
snort and there were more alerts then 1 per second since
the last start of snort.
> >Just my thoughts on the topic.
> Just mine. ;-)
...and this are mine...
More information about the Snort-devel