[Snort-users] How can I remove redundant entries from the database?

Avery Rozar Avery.Rozar at ...16118...
Mon Nov 10 12:37:06 EST 2014


I’m using Barnyard2 to send alerts to a PostgreSQL database. As you all know, one alert could actually be hundreds, or even thousands, of events in the database. Is there a script available that removes redundant alerts from the database based on iphdr.ip_src, iphdr.ip_dst and event.sid, event.signature and leaves the original based on event.cid?


Thanks,
Avery
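One way to do what the post asks directly in PostgreSQL, as an added example that is not from the thread or from the Barnyard2 project: it ranks events within each (sid, signature, ip_src, ip_dst) group by cid, keeps the lowest cid as the original, and deletes the rest. It assumes the standard Barnyard2 schema, where event and its packet-detail tables (iphdr, tcphdr, udphdr, icmphdr, opt, data) all share the (sid, cid) key.

```sql
-- Added example, not from the thread. Assumes the standard Barnyard2 schema,
-- in which event and its packet-detail tables share the (sid, cid) key.
BEGIN;

-- Rank every event within its (sensor, signature, src, dst) group by cid;
-- rank 1 is the earliest event, the "original" the post wants to keep.
CREATE TEMP TABLE dup_events ON COMMIT DROP AS
SELECT sid, cid
FROM (
    SELECT e.sid, e.cid,
           ROW_NUMBER() OVER (
               PARTITION BY e.sid, e.signature, i.ip_src, i.ip_dst
               ORDER BY e.cid
           ) AS rn
    FROM event e
    JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
) ranked
WHERE rn > 1;

-- Check before deleting: how many rows would go, per signature.
SELECT e.signature, COUNT(*) AS redundant
FROM dup_events d
JOIN event e ON e.sid = d.sid AND e.cid = d.cid
GROUP BY e.signature
ORDER BY redundant DESC;

-- Remove the packet-detail rows first so no orphans are left behind,
-- then the event rows themselves.
DELETE FROM data    t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM opt     t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM tcphdr  t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM udphdr  t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM icmphdr t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM iphdr   t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;
DELETE FROM event   t USING dup_events d WHERE t.sid = d.sid AND t.cid = d.cid;

COMMIT;
```

Replace COMMIT with ROLLBACK on a first pass to see the per-signature counts without changing anything. Note that the surviving row keeps only the first occurrence's timestamp, so the time span of a burst is lost once the duplicates are gone.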



