[Snort-sigs] if match on rule don't log or something like that

Alexandru Balan jay at ...1722...
Tue Dec 16 06:20:38 EST 2003


Hello, I'm getting a lot of false positives on a few of the rules and
I'd like to customise them like the following example:

Let's say I have server x, which generates most of the false positives,
and I want to ignore matches on some signature if the packets are
directed to it.
I tried adding another include $rule_path/server.x/false-positives.rules
in which I added the signature with "pass" (the manual said pass
ignores the packet). But the packet is still matched on the default
rule (alert $ANY -> $MY_HOME_NET ..signature, which includes that
server).

I'm terribly sorry for my poor expression. I'm just trying to ignore
matches to some hosts using a "false-positives.rules" file included in
snort.conf.

-- 
Jay
Public GnuPG key AAB551A4 available at
http://www.ines.ro/public_keys/jay.gpg