snort-users May 2009 archive

Re: [Snort-users] alert suppression

From: Pedro Marinho <pppmarinho_at_nospam>
Date: Thu May 07 2009 - 12:53:44 GMT

Hello Jefferson,

>Searching on the IP address in the tagged packet, like Greg suggested and
>then sorting them by timestamp shows that this alert and a couple of tagged
>packets all have the same src/dst IP and port and timestamp in BASE.

>Now I know what they are, I don't want to get rid of them from showing up
>in BASE. ;)


I know a way to get rid of it in BASE. Log in to mysql; use databasesnort;

First you have to figure out what the sig_id of this is:

select sig_id from signature where sig_name = 'tag: tagged packet';

This query will return a number, like 435 for example. Then you do another query with the number from the previous query:

delete from event where signature = 435;
delete from acid_event where signature = 435;

PS: be careful!! This will delete all alerts that have the signature msg "tag: tagged packet" from the snort database.
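
Added example, not part of the original message: the same cleanup written so that the sig_id is looked up rather than typed in, with a row count taken before anything is deleted. It assumes only the tables and columns named in the message (signature.sig_id, signature.sig_name, event.signature, acid_event.signature) and that the Snort database is already selected in the mysql client.

```sql
-- Added example; uses only the tables/columns named in the message above.

-- 1. List every sig_id that carries this message. If more than one row
--    comes back, a single hard-coded number would miss some alerts.
SELECT sig_id, sig_name
  FROM signature
 WHERE sig_name = 'tag: tagged packet';

-- 2. Preview how many rows each DELETE would remove.
SELECT 'event' AS tbl, COUNT(*) AS rows_to_delete
  FROM event
 WHERE signature IN (SELECT sig_id FROM signature
                      WHERE sig_name = 'tag: tagged packet')
UNION ALL
SELECT 'acid_event', COUNT(*)
  FROM acid_event
 WHERE signature IN (SELECT sig_id FROM signature
                      WHERE sig_name = 'tag: tagged packet');

-- 3. Delete inside a transaction so the result can be checked first.
--    ROLLBACK only undoes the deletes on a transactional engine (InnoDB);
--    on MyISAM tables each DELETE is permanent as soon as it runs,
--    so take a mysqldump backup beforehand in that case.
START TRANSACTION;

DELETE FROM event
 WHERE signature IN (SELECT sig_id FROM signature
                      WHERE sig_name = 'tag: tagged packet');
SELECT ROW_COUNT() AS event_rows_deleted;

DELETE FROM acid_event
 WHERE signature IN (SELECT sig_id FROM signature
                      WHERE sig_name = 'tag: tagged packet');
SELECT ROW_COUNT() AS acid_event_rows_deleted;

-- Compare the two counts with the preview from step 2, then run
-- exactly one of the following:
COMMIT;
-- ROLLBACK;
```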
