[Snort-users] Ignored x duplicate alerts (ACID, MySQL, Snort)

Ron Shuck rshuck at ...6736...
Thu Jun 12 12:40:09 EDT 2003


Hi All,

A while back Jason Thompson posted a question about duplicate records in
snort_archive due to snort starting the cid over if all records were
removed.

Does anyone know if 2.0 fixes this with the last_cid field in
snort.sensor? There has to be a better way to keep Snort from starting
the cid over than always keeping a record in the snort db. I archive all
alerts after I have dealt with them, so I strive to clear the regular
snort db.

Any help would be greatly appreciated.


Thanks, 

Ron Shuck, CISSP, GCIA, CCSE - Managing Consultant 
Buchanan Associates - A Technology Company in the People Business 