[Snort-users] (no subject)
Reeves, Michael (GEAE, Compaq)
michael.reeves at ...3457...
Mon Sep 17 13:30:04 EDT 2001
I would drop the database and recreate it if you want to start "fresh". Only
takes a few minutes... Or even create a new instance and have your new
events logged there and point ACID there. Hope that helps.
From: Wells, Kenneth L [mailto:kw151002 at ...3461...]
Sent: Monday, September 17, 2001 4:12 PM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] (no subject)
When I look at my default Snort view screen I see TCP, UDP, ICMP, etc....
How can I erase all of this and start clean?
I want to move my sensor to another subnet but want to clear out the old
I'm using ACID v0.9.6b6 for Windows 2000.
From: Wayne T Work [mailto:wwork at ...3179...]
Sent: Monday, September 17, 2001 4:00 PM
To: Wells, Kenneth L; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] (no subject)
Yepper there is a way.
Select a protocol to look at and then go to the bottom. The selection on the
left side will let you do several things. Archive is one as well as delete.
Choose which one and then go right to select only that page, all in query or
you can check the blocks on the ones you want to perform actions on. All
this is on the latest version of ACID.
At 03:40 PM 9/17/2001 -0400, Wells, Kenneth L wrote:
I'm currently using ACID for my Snort IDS. Is there a way that I can archive
old data and start collecting new data?