[Snort-users] Search for UNKNOWN IP in ACID?

jwebster(contr-sid) jwebster at ...425...
Tue Mar 6 18:19:57 EST 2001


I have a large number of alerts in ACID with an IP address of
UNKNOWN.  I understand that these are generated from the
preprocessors (port scan, frag detect, etc.) but I can not figure out
how to delete these alerts.  Any ideas how to search/delete records
with an UNKNOWN IP field?

Thanks in advance,
Jim Webster



