[Snort-users] Ignored x duplicate alerts (ACID, MySQL, Snort)
rshuck at ...6736...
Thu Jun 12 12:40:09 EDT 2003
A while back Jason Thompson posted a question about duplicate records in
snort_archive due to snort starting the cid over if all records were
Does anyone know if 2.0 fixes this with the last_cid field in
snort.sensor? There has to be a better way to keep Snort from starting
the cid over than always keeping a record in the snort db. I archive all
alert after I have dealt with them, so I strive to clear the regular
Any help would be greatly appreciated.
Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant
Buchanan Associates - A Technology Company in the People Business
More information about the Snort-users