[Snort-users] Suppress alerts
prodger2008 at ...131...
Mon Oct 17 07:56:13 EDT 2005
I did and the result is the same. Is this right Sig
Id? I checked the SQL database and sig. id is 32 and
I changed the result is the same too.
Anybody can help me out and I am just too upset with
this as too many alerts are generating.
--- Frank Knobbe <frank at ...9761...> wrote:
> On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger
> > [snort] (portscan) Open Port unclassified
> > [snort] (portscan) UDP Portsweep unclassified
> > [snort] (http_inspect) BARE BYTE UNICODE ENCODING
> > Are generating too many alerts. I have attempted
> > suppress these alerts in my snort.conf file like
> > following:
> > suppress gen_id 122, sig_id 27:
> > suppress gen_id 122, sig_id 19:
> > suppress gen_id 119, sig_id 4:
> > But those alerts are still generating a lot as
> > I do not know why these alerts can not be
> Did you notice Snort giving errors on startup?
> Remove the colon, that
> might help.
Yahoo! Music Unlimited
Access over 1 million songs. Try it free.
More information about the Snort-users