[Snort-users] Suppress alerts

Briggs, Bruce Bruce.Briggs at ...13183...
Mon Oct 17 08:40:25 EDT 2005


Is it possible that you are not modifying the correct/running snort.conf
file?

Bruce

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Peter
Rodger
Sent: Monday, October 17, 2005 10:55 AM
To: Frank Knobbe; s
Subject: Re: [Snort-users] Suppress alerts

Frank,

I did and the result is the same.  Is this right Sig
Id?  I checked the SQL database and sig. id is 32 and
I changed the result is the same too.  

Anybody can help me out and I am just too upset with
this as too many alerts are generating.

Thanks,

Peter

--- Frank Knobbe <frank at ...9761...> wrote:

> On Fri, 2005-10-14 at 11:20 -0700, Peter Rodger
> wrote:
> > [snort] (portscan) Open Port unclassified
> > [snort] (portscan) UDP Portsweep unclassified
> > [snort] (http_inspect) BARE BYTE UNICODE ENCODING
> > 
> > Are generating too many alerts. I have attempted
> to
> > suppress these alerts in my snort.conf file like
> the
> > following:
> > suppress gen_id 122, sig_id 27:
> > suppress gen_id 122, sig_id 19:
> > suppress gen_id 119, sig_id 4:
> > 
> > But those alerts are still generating a lot as
> before.
> > I do not know why these alerts can not be
> surppressed?
> 
> Did you notice Snort giving errors on startup?
> Remove the colon, that
> might help.
> 
> Regards,
> Frank
> 
> 



		
__________________________________ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list