one other item

["Slighter, Tim" <tslighter () itc nrcs usda gov>]

with snort-inline + mysql.  It appears that all sessions are logged, very
similar to the session being "tagged" and these show up in the
/var/log/snort directory according to intruder IP

Change the mysql line in snort.conf from "log" to "alert" and also run the
snort-inline daemon with -o and the behavior becomes:

intruder IP address is no longer logged but victim IP is

have not yet found a way to prevent any session logging

everything still shows up in mysql