[Snort-users] ACID 0.9.5 Released
roman at ...438...
Fri Jan 19 16:44:42 EST 2001
> > I totally agree Jeff, ACID kicks some serious ass and is well
> > worth a look at.
> > Your comment on alerting on DB INSERTS made me laugh and
> > reminded me of the time
> > I had snort trigger (on four different machines) from
> > downloading a new rule
> > update!
> To stop it from triggering on DB INSERTS, just pipe your mysql
> over SSH. :)
How about using a pass rule for all the Snort traffic to your MySQL
e.g: pass tcp <snort_box> any -> <mysql_box> 3306 (msg:"Alert SQL";)
More information about the Snort-users