[Snort-users] Multiple IP addresses or use of variables in threshold.conf using SUPPRESS
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Tue Feb 15 00:59:13 EST 2005
--On 14 February 2005 10:12 -0600 Eric Hines <eric.hines at ...8860...>
> I am having trouble specifying more than one IP in a suppress line in the
> threshold.conf. We've got to suppress 16 IP addresses and can't use a
> CIDR. Does anyone know if it's possible to
> A) Specify a variable which contains a [ ] of multiple IPs

Yup; see $AIM_SERVERS in the standard config for an example.

> B) Specify more than one IP separated by commas in a single suppress

It would seem not, from the manual (p.39ish)

Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
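
Added example, not part of the original post or of Snort itself: when a single CIDR cannot describe the hosts, one suppress line per block of an exact CIDR cover keeps threshold.conf short without suppressing any extra address. It assumes the `suppress gen_id <gid>, sig_id <sid>, track by_src|by_dst, ip <ip|cidr>` form of the suppress statement; the addresses, gen_id and sig_id below are constructed placeholders.

```python
import ipaddress

# Constructed sample: 16 addresses from the 192.0.2.0/24 documentation range.
SAMPLE_HOSTS = (
    [f"192.0.2.{n}" for n in range(8, 16)]      # 8 contiguous, aligned hosts
    + [f"192.0.2.{n}" for n in range(20, 24)]   # 4 contiguous, aligned hosts
    + ["192.0.2.33", "192.0.2.34", "192.0.2.35", "192.0.2.77"]
)


def exact_cover(addresses):
    """Return CIDR blocks that together cover exactly `addresses`."""
    # IPv4Address raises ValueError on anything that is not a single valid host.
    hosts = {ipaddress.IPv4Address(a.strip()) for a in addresses}
    # collapse_addresses only merges adjacent, aligned networks, so the result
    # never includes an address that was not in the input.
    return list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(f"{h}/32") for h in hosts))


def suppress_lines(addresses, gen_id, sig_id, track="by_src"):
    """Build one threshold.conf suppress line per block of the exact cover."""
    if track not in ("by_src", "by_dst"):
        raise ValueError("track must be by_src or by_dst")
    lines = []
    for net in exact_cover(addresses):
        # Write single hosts as a bare address rather than with a /32 suffix.
        target = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(
            f"suppress gen_id {gen_id}, sig_id {sig_id}, track {track}, ip {target}")
    return lines


if __name__ == "__main__":
    # gen_id 1 / sig_id 1000001 are placeholders for the rule being suppressed.
    for line in suppress_lines(SAMPLE_HOSTS, gen_id=1, sig_id=1000001):
        print(line)
```

For the sample list this yields five suppress lines instead of sixteen; hosts that share no aligned block with a neighbour stay as single-address lines.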