[Snort-users] Search for UNKNOWN IP in ACID?

roman at ...438... roman at ...438...
Wed Mar 7 09:29:15 EST 2001

There is no explicit way to identify and delete alerts with an
"UNKNOWN IP field".  Their very existence is an aberration from
the database logging perspective; they represent incomplete alerts.
