[Snort-users] ACID gives erroneous information

Erwin Van de Velde erwin.vandevelde at ...10361...
Sun Feb 29 11:35:03 EST 2004


No, I haven't deleted any alerts. However, I found something new: all alerts
in the database that are not in the ACID tables have no signature; however,
Snort inserted them there....
What does this mean? Are these snort bugs? Or is it something else?


On Sunday 29 February 2004 19:41, Josh Berry wrote:
> ACID is just a cache for alerts.  When you delete alerts out of ACID I
> don't believe that it deletes them out of the Snort tables.   Therefore if
> you deleted some alerts out of ACID they will still be in the Snort event
> table and therefore you will see a difference in the amount.
> I am not sure about this but I think that is what is happening.
