[Snort-users] Suppress alerts

Briggs, Bruce Bruce.Briggs at ...13183...
Fri Oct 14 12:45:40 EDT 2005


Did you uncomment 
include threshold.conf

in your Snort config? 


Bruce
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Peter
Rodger
Sent: Friday, October 14, 2005 2:20 PM
To: s
Subject: [Snort-users] Suppress alerts

Hi all,

Currently
[snort] (portscan) Open Port unclassified
[snort] (portscan) UDP Portsweep unclassified
[snort] (http_inspect) BARE BYTE UNICODE ENCODING

are generating too many alerts. I have attempted to
suppress these alerts in my snort.conf file like the
following:
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:

But those alerts are still generating a lot as before.
 

I do not know why these alerts cannot be suppressed.

Thanks,

Peter
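
The check Bruce asks about, together with a look at the suppress lines themselves, can be scripted. This is an added example, not part of the thread or of Snort; the function name `audit_conf` and the sample config text are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread: the include is still commented
# out and the suppress lines are copied as the poster wrote them.
SAMPLE_CONF = """\
# include threshold.conf
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:
"""

INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
# Documented form: suppress gen_id <gid>, sig_id <sid>[, track ..., ip ...]
SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)(.*)$")


def audit_conf(text):
    """Return include status, parsed suppressions and lines with stray text."""
    report = {"threshold_included": False, "suppressed": [], "stray": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        m = INCLUDE_RE.match(line)
        if m:
            if m.group(1).endswith("threshold.conf"):
                report["threshold_included"] = True
            continue
        m = SUPPRESS_RE.match(line)
        if m:
            report["suppressed"].append((int(m.group(1)), int(m.group(2))))
            rest = m.group(3).strip()
            # Anything after sig_id must be a further ", option" clause.
            if rest and not rest.startswith(","):
                report["stray"].append((lineno, rest))
    return report


if __name__ == "__main__":
    r = audit_conf(SAMPLE_CONF)
    print("threshold.conf included:", r["threshold_included"])
    for gid, sid in r["suppressed"]:
        print(f"suppress entry for gen_id {gid}, sig_id {sid}")
    for lineno, rest in r["stray"]:
        print(f"line {lineno}: unexpected text after sig_id: {rest!r}")
```

Run against the real snort.conf by passing its contents to `audit_conf`; lines reported under `stray` differ from the documented suppress form and are worth checking against Snort's startup output.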



		