[Snort-users] Trimming/Archiving Snort Data from a MYSQL Db. (How do you do it?)

Frank Reid fcreid at ...691...
Sun Oct 29 08:56:49 EST 2000


Any HOWTO on using the new Alert Group feature in ACID?  From the context, I
assume one can now assign alerts into various groups (e.g. severe, minor,
etc.) to facilitate weeding through them.  I'm not sure if that's done in
the rules file or in the PHP script itself.  Guess I'll have to delve into
it and figure it out.

Frank

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Ian Jones
Sent: Saturday, October 28, 2000 14:29
To: Bill Marquette; box.inter-tel.net
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Trimming/Archiving Snort Data from a MYSQL
Db. (How do you do it?)


The latest version of ACID does allow you to delete a found set of
alerts. I am using version acid-0.9.5b4 and it will trim alerts.

From the ACID README:
>+ See http://www.cert.org/kb/acid for the most up to date
>+ information and documentation about this application.
>+
>+ Mirrored: http://www.andrew.cmu.edu/~rdanyliw/snort/
>+ (usually contains the latest beta code)

Archival would be nice. Even nicer would be the ability to export a
found set to a flat text file. Not complaining, though. It is great
in its present state.

Ian Jones

----- Original Message -----
Subject: Re: [Snort-users] Trimming/Archiving Snort Data from a MYSQL
Db. (How do you do it?)
> The next release of ACID will have an option to remove database
> entries.


