[Snort-users] 300,000 alerts in Database from spp_asn1
Randy.Bey at ...6683...
Mon Oct 28 13:20:03 EST 2002
Yes, that doggone asn1 thing bit me too. I stopped it toot sweet as it
was logging dozens every minute from the git go. Needs more work as a
plugin, is my guess.
As far as deleting a zillion records, you need to be a bit more specific
in your SQL query. I would use the 'search' link under ACID and restrict
your alert time to one day at a time. I hope this helps.
7300 W 147th St Suite 300
Apple Valley, MN 55124
> -----Original Message-----
> From: Nicholas Bachmann [mailto:nbachmann at ...6522...]
> Sent: Friday, October 25, 2002 6:10 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] 300,000 alerts in Database from spp_asn1
> Through some weirdness, spp_asn1 on Snort 1.9 has flooded my
> PostgreSQL database with over 300,000 alerts (which seem to be
> false-positive, or at least not malicious), which has not made the DB
> very happy :-). The actual probem is peripheral to my actual
> but I'm sure somebody is interested; I will provide details on or off
> My question is this: how does one go about deleting those 300,000
> alerts? Just doing a delete in ACID doesn't cut it; I left it
> over a weekend and that didn't work (probably timed out) and while
> deleting no alerts are able to be added to the database, and I can't
> check it anyway (transaction block?).
> Any ideas?
> Nicholas Bachmann, SSCP
> Tech Department
> Davison Community Schools
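Randy's advice, worked out as SQL against the database directly. This is an added example, not code from either poster: it assumes the Snort 1.9 PostgreSQL schema (event, signature, iphdr, tcphdr, udphdr, icmphdr, opt, data) plus ACID's own tables (acid_event, acid_ag_alert), and the sig_name pattern and the date window are placeholders to be taken from your own data.

```sql
-- Added example, not code from the thread.  It assumes the Snort 1.9
-- PostgreSQL schema (event, signature, iphdr, tcphdr, udphdr, icmphdr,
-- opt, data) and ACID's own tables (acid_event, acid_ag_alert).  The
-- sig_name pattern and the date window are placeholders: take both from
-- step 1 and your own data.

-- Step 1: see which signature ids the preprocessor produced and how many
-- events each accounts for, before deleting anything.
SELECT s.sig_id, s.sig_name, count(*) AS events,
       min(e.timestamp) AS first_seen, max(e.timestamp) AS last_seen
  FROM event e, signature s
 WHERE e.signature = s.sig_id
   AND s.sig_name LIKE '%asn1%'              -- placeholder pattern
 GROUP BY s.sig_id, s.sig_name;

-- Step 2: delete one day's worth in its own transaction.  A short
-- transaction holds its locks for seconds, so the sensor's INSERTs queue
-- briefly instead of blocking for a weekend, and a failure rolls back
-- one day, not everything.
BEGIN;

CREATE TEMP TABLE doomed AS
  SELECT e.sid, e.cid
    FROM event e, signature s
   WHERE e.signature = s.sig_id
     AND s.sig_name LIKE '%asn1%'            -- same placeholder pattern
     AND e.timestamp >= '2002-10-24 00:00:00'  -- placeholder window
     AND e.timestamp <  '2002-10-25 00:00:00';

-- Child rows first: every one of these tables is keyed by (sid, cid).
DELETE FROM data
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = data.sid AND d.cid = data.cid);
DELETE FROM opt
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = opt.sid AND d.cid = opt.cid);
DELETE FROM icmphdr
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = icmphdr.sid AND d.cid = icmphdr.cid);
DELETE FROM udphdr
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = udphdr.sid AND d.cid = udphdr.cid);
DELETE FROM tcphdr
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = tcphdr.sid AND d.cid = tcphdr.cid);
DELETE FROM iphdr
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = iphdr.sid AND d.cid = iphdr.cid);

-- ACID's alert-group membership and its event cache, so the console does
-- not keep listing rows that no longer exist in event.  Drop these two
-- statements if ACID's tables were never created in this database.
DELETE FROM acid_ag_alert
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = acid_ag_alert.ag_sid
                  AND d.cid = acid_ag_alert.ag_cid);
DELETE FROM acid_event
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = acid_event.sid AND d.cid = acid_event.cid);

-- The parent rows last.
DELETE FROM event
 WHERE EXISTS (SELECT 1 FROM doomed d
                WHERE d.sid = event.sid AND d.cid = event.cid);

DROP TABLE doomed;
COMMIT;

-- Step 3: confirm the window is empty, then repeat step 2 with the next
-- day's window until step 1 reports nothing.
SELECT count(*)
  FROM event e, signature s
 WHERE e.signature = s.sig_id
   AND s.sig_name LIKE '%asn1%'
   AND e.timestamp >= '2002-10-24 00:00:00'
   AND e.timestamp <  '2002-10-25 00:00:00';

-- Step 4: once all batches are through, give PostgreSQL the space back.
-- Deleted rows stay on disk until VACUUM reclaims them.
VACUUM ANALYZE event;
```

The point is the per-day window, which is the same thing restricting ACID's search to a single day achieves through the web interface: each batch is a short transaction, so the sensor keeps inserting between batches and nothing sits locked for days. Run step 1 first and check the real signature names rather than trusting the '%asn1%' pattern, and if step 2 errors on a missing table the transaction rolls back cleanly and nothing is lost.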