[Snort-users] Suppress alerts

Frank Knobbe frank at ...9761...
Fri Oct 14 17:08:59 EDT 2005


On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger wrote:
> [snort] (portscan) Open Port unclassified
> [snort] (portscan) UDP Portsweep unclassified
> [snort] (http_inspect) BARE BYTE UNICODE ENCODING
> 
> Are generating too many alerts. I have attempted to
> suppress these alerts in my snort.conf file like the
> following:
> suppress gen_id 122, sig_id 27:
> suppress gen_id 122, sig_id 19:
> suppress gen_id 119, sig_id 4:
> 
> But those alerts are still generating a lot as before.
> I do not know why these alerts can not be surppressed?

Did you notice Snort giving errors on startup? Remove the colon, that
might help.

Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051014/ba05985b/attachment.sig>


More information about the Snort-users mailing list