[Snort-users] Suppressing gen_id 116
bmc at ...950...
Thu Aug 5 07:10:06 EDT 2004
On Tue, Jul 20, 2004 at 10:33:48AM -0700, snort user wrote:
> I am running snort 2.1.3 and I am trying to suppress the
> following snort_decoder alerts using the thresholding
> (snort_decoder) WARNING: Bad Token Ring MR Header!
> (snort_decoder) WARNING: Bad Token Ring ETHLLC Header!
> (snort_decoder) WARNING: Bad Token Ring MRLENHeader!
> My threshold.conf file looks like this:
> suppress gen_id 116, sig_id 141
> suppress gen_id 116, sig_id 142
> suppress gen_id 116, sig_id 143
Suppression doesn't work on alerts on packets without valid IP
headers. I logged this as a bug a while ago and submitted a patch
that fixes it for me. We'll see when a fix for the bug is accepted.
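
A workaround sketch, added here and not part of the original messages or of Snort itself: while in-engine suppression does not take effect for these decoder alerts, the same gen_id/sig_id pairs from threshold.conf can be filtered out of the alert output afterwards. The function names and the sample alert lines are constructed for illustration.

```python
import re

# Matches unqualified entries only: "suppress gen_id G, sig_id S".
# Entries with "track ..., ip ..." are skipped, since they need an IP header.
SUPPRESS_RE = re.compile(
    r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*$")
# The [gen_id:sig_id:rev] tag that Snort writes into its alert output.
ALERT_TAG_RE = re.compile(r"\[(\d+):(\d+):\d+\]")


def load_suppressions(conf_text):
    """Return the set of (gen_id, sig_id) pairs from threshold.conf text."""
    pairs = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        m = SUPPRESS_RE.match(line)
        if m:
            pairs.add((int(m.group(1)), int(m.group(2))))
    return pairs


def filter_alerts(lines, suppressed):
    """Drop alert lines whose gen_id:sig_id tag is in the suppressed set."""
    kept = []
    for line in lines:
        m = ALERT_TAG_RE.search(line)
        if m and (int(m.group(1)), int(m.group(2))) in suppressed:
            continue
        kept.append(line)
    return kept


# The suppress entries quoted in the message above.
THRESHOLD_CONF = """\
suppress gen_id 116, sig_id 141
suppress gen_id 116, sig_id 142
suppress gen_id 116, sig_id 143
"""

# Constructed sample alert lines (timestamps and message text are made up).
SAMPLE_ALERTS = [
    "08/05-07:10:01.000001 [**] [116:141:1] (snort_decoder) sample [**]",
    "08/05-07:10:02.000002 [**] [116:142:1] (snort_decoder) sample [**]",
    "08/05-07:10:03.000003 [**] [1:1000001:1] constructed rule alert [**]",
    "08/05-07:10:04.000004 [**] [116:143:1] (snort_decoder) sample [**]",
    "08/05-07:10:05.000005 [**] [116:999:1] (snort_decoder) other [**]",
]

if __name__ == "__main__":
    for alert in filter_alerts(SAMPLE_ALERTS, load_suppressions(THRESHOLD_CONF)):
        print(alert)
```
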