[Snort-users] Too many false positives

Chris Green cmg at ...671...
Fri Jan 18 08:48:05 EST 2002


"Paul Slinski" <pauls at ...3346...> writes:

> Does this look like msn access to you?
>
> I have 3 Linux servers running 1.8.3 all logging to a MySql database at a
> remote location through ssh tunnels. Sometimes, I'm not sure why the logs
> show strange results for signatures.
>
> Is this a common problem? I can send more examples if needed.
>

odd, it looks like your event ids aren't lining up.   Not sure why it
would be doing that.  I'm not familiear enough with snortdb to tell
you what could be causing that.

Have you tried a new database instead of the current one?
-- 
Chris Green <cmg at ...671...>
A watched process never cores.




More information about the Snort-users mailing list