[Snort-users] Snort, MySQL, Acid

Tim Sailer sailer at ...2968...
Fri May 3 08:26:02 EDT 2002


On Fri, May 03, 2002 at 10:49:44AM -0400, Redman, Ken wrote:
> I have put in a rule to ignore the IP address that I do all my Pen-testing from. However, 80% of all alerts in MySQL/Acid are from my one IP address. Therefore I want to remove all instances of those entries from MySQL and Acid. Is this is possible "How do I do this?" and will I end up corrupting the MySQL?

I think the easiest way, since you have ACID, is to query on your IP
address in ACID, and then tell it to delete the whole query. It will
clean up nicely.

Tim

-- 
Tim Sailer <sailer at ...2968...> 
Brookhaven National Laboratory  (631) 344-3001




More information about the Snort-users mailing list