[Snort-users] Suppress alerts
frank at ...9761...
Fri Oct 14 17:08:59 EDT 2005
On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger wrote:
> [snort] (portscan) Open Port unclassified
> [snort] (portscan) UDP Portsweep unclassified
> [snort] (http_inspect) BARE BYTE UNICODE ENCODING
> Are generating too many alerts. I have attempted to
> suppress these alerts in my snort.conf file like the
> suppress gen_id 122, sig_id 27:
> suppress gen_id 122, sig_id 19:
> suppress gen_id 119, sig_id 4:
> But those alerts are still generating a lot as before.
> I do not know why these alerts can not be surppressed?
Did you notice Snort giving errors on startup? Remove the colon, that
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users