[Snort-users] Suppress alerts

Joel Esler joel.esler at ...1935...
Mon Oct 17 11:09:36 EDT 2005


The threshold.conf is probably in your /rules directory.  (The
directory is located in your snort.conf.)  Search your snort.conf for
"threshold.conf" and you'll see the include statement.

The Generator ID and SID are located in gid-msg.map and sid-msg.map.   
Probably in your rules directory.

Joel Esler
SOURCEfire


On Oct 17, 2005, at 1:06 PM, Peter Rodger wrote:

> Bruce,
>
> Thanks!  I am running Snort on Windows too.   I'm
> using IIS6, MSSQL, PHP, and BASE on Windows 2003.
> BTW, I just found out that the threshold.conf file is
> in two places: one is in \snort\etc folder; another is
> in \snort\rules folder.  Which one should I change?
> I changed the one in \snort\etc folder.
>
> How do you get generator ID or SID?
>
> Thanks again,
>
> Peter
> --- "Briggs, Bruce" <Bruce.Briggs at ...13183...> wrote:
>
>
>> Yes I did see your Friday e-mail.
>>
>> I am running Snort on Windows and do not have your
>> problem.
>>
>> Also you do not need to reboot your Snort machine
>> when making a config
>> change - just stop & restart Snort.
>>
>> What Snort version?
>> What other support tools are you using - such as web
>> server & logging
>> database & alert viewer?
>> I'm using Apache, MySQL, PHP, and BASE.
>>
>> Bruce
>>
>>
>> -----Original Message-----
>> From: Peter Rodger [mailto:prodger2008 at ...131...]
>> Sent: Monday, October 17, 2005 11:52 AM
>> To: Briggs, Bruce
>> Subject: Fwd: RE: [Snort-users] Suppress alerts
>>
>> Bruce,
>>
>> Did you check this message I sent you last Friday?
>>
>> The snort.conf is the right file I changed.
>>
>> What could go wrong with it?
>>
>> Thanks so much,
>>
>> Peter
>> Note: forwarded message attached.
>
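
The lookup described in the reply above, as an added example that is not part of the original thread and not Snort project code: it finds which threshold.conf the active include statement in snort.conf loads, then searches sid-msg.map and gid-msg.map text for a message and prints the matching suppress line. The file contents, SIDs, GIDs and messages are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample file contents (not from the thread); paths without spaces assumed.
SNORT_CONF = r"""
var RULE_PATH c:\snort\rules
# include c:\snort\etc\threshold.conf
include $RULE_PATH/threshold.conf
"""
SID_MSG_MAP = """
# sid || msg || references
1000001 || LOCAL constructed noisy rule || url,example.com
"""
GID_MSG_MAP = """
# gid || sid || msg
200 || 1 || constructed_preproc: noisy decoder event
"""

def find_include(conf_text, filename):
    """Return the resolved path of the active include naming filename, else None."""
    variables = {}
    for raw in conf_text.splitlines():
        parts = raw.split()
        if len(parts) == 3 and parts[0] == "var":
            variables[parts[1]] = parts[2]
        elif len(parts) == 2 and parts[0] == "include":  # "# include x" has 3 parts, so it is skipped
            path = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), parts[1])
            if re.split(r"[\\/]", path)[-1].lower() == filename.lower():
                return path
    return None

def lookup(map_text, needle, has_gid=False):
    """Return (gid, sid, msg) rows whose msg contains needle; sid-msg.map rows imply gid 1."""
    hits = []
    for line in map_text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if line.lstrip().startswith("#") or len(fields) < (3 if has_gid else 2):
            continue  # comment, blank line or short row
        gid, sid, msg = fields[:3] if has_gid else ("1", fields[0], fields[1])
        if needle.lower() in msg.lower():
            hits.append((int(gid), int(sid), msg))
    return hits

def suppress_line(gid, sid):
    """Format one suppress entry for threshold.conf."""
    return f"suppress gen_id {gid}, sig_id {sid}"

print(find_include(SNORT_CONF, "threshold.conf"))
for gid, sid, _ in lookup(SID_MSG_MAP, "noisy") + lookup(GID_MSG_MAP, "noisy", True):
    print(suppress_line(gid, sid))
```

When two copies of threshold.conf exist, the one to edit is the path the active include resolves to; the commented-out include in the sample is ignored.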




