Snort mailing list archives

Re: Too many false positives

From: Chris Green <cmg () uab edu>
Date: Fri, 18 Jan 2002 10:47:47 -0600

"Paul Slinski" <pauls () globaliqx com> writes:

Does this look like msn access to you?

I have 3 Linux servers running 1.8.3 all logging to a MySql database at a
remote location through ssh tunnels. Sometimes, I'm not sure why the logs
show strange results for signatures.

Is this a common problem? I can send more examples if needed.


odd, it looks like your event ids aren't lining up.   Not sure why it
would be doing that.  I'm not familiear enough with snortdb to tell
you what could be causing that.

Have you tried a new database instead of the current one?
-- 
Chris Green <cmg () uab edu>
A watched process never cores.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Too many false positives Paul Slinski (Jan 18)
- Too many false positives - Forgot the screenshot Paul Slinski (Jan 18)
- Re: Too many false positives Chris Green (Jan 18)
  - RE: Too many false positives Paul Slinski (Jan 18)