[Snort-users] Snort, MySQL, Acid

Redman, Ken ken.redman at ...5424...
Fri May 3 07:57:04 EDT 2002


This question is more of a database questions, but it is reliant on the way Snort populates the data in MySQL.

I have:
MySQL-3.23.49a-1
Snort-1.8.6 
Acid-0.9.6b21
Redhat 7.2 with all Bugfixes and security patches up to date.

I have put in a rule to ignore the IP address that I do all my Pen-testing from. However, 80% of all alerts in MySQL/Acid are from my one IP address. Therefore I want to remove all instances of those entries from MySQL and Acid. Is this is possible "How do I do this?" and will I end up corrupting the MySQL?

Thanks in advance for any light than can be shed on this.

Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020503/73aea7f4/attachment.html>


More information about the Snort-users mailing list