[Snort-users] Suppressing gen_id 116
snortuser2000 at ...131...
Wed Jul 21 13:20:05 EDT 2004
I running snort 2.1.3 and I am trying to suppress the
following snort_decoder alerts using the thresholding
(snort_decoder) WARNING: Bad Token Ring MR Header!
(snort_decoder) WARNING: Bad Token Ring ETHLLC Header!
(snort_decoder) WARNING: Bad Token Ring MRLENHeader!
My threshold.conf file look like this:
suppress gen_id 116, sig_id 141
suppress gen_id 116, sig_id 142
suppress gen_id 116, sig_id 143
I have 'include threshold.conf' in my snort.conf.
When I load snort, not in daemon mode, I see the rules
load, but the events still get logged to my database.
The only way I have been able to turn them off is to
set the following option in snort.conf:
Can anyone tell me why suppression is not working for
me? Is my gen_id wrong? sig_id?
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
More information about the Snort-users