Fwd: Re: [Snort-users] Suppress alerts

Peter Rodger prodger2008 at ...131...
Thu Oct 20 07:00:29 EDT 2005


Hi 

Thanks for your hint.  The output had an error as I
forgot to specify -l in the command line.  The attached is
the right output after I specified the -l switch in
the command line.

Here is the last part of output:

+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10
| gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60
| gen-id=1      sig-id=3542       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=3527       type=Limit     tracking=dst count=5   seconds=60
+-----------------------[suppression]------------------------------------------
| gen-id=119    sig-id=4          tracking=dstip=0.0.0.0           mask=0.0.0.0
| gen-id=122    sig-id=27         tracking=dstip=0.0.0.0           mask=0.0.0.0
| gen-id=122    sig-id=19         tracking=dstip=0.0.0.0           mask=0.0.0.0

*****************

It looked like it reads the threshold.conf but can not
suppress the alerts?  Why?

Any help will be appreciated.  I am just too upset
with that.


Thanks,

Peter



--- João Mota <joao at ...13547...> wrote:

> Peter Rodger wrote:
> 
> >Hi,
> >
> >Thanks for your help.  Sorry that I did not send whole
> >output to you.  Please see the attached output.txt and
> >there is an error stopped in log directory.  Can not
> >figure out why?
> >
> >ERROR:
> >[!] ERROR: Can not get write access to logging directory "log".
> >(directory doesn't exist or permissions are set incorrectly
> >or it is not a directory at all)
> >
> >Fatal Error, Quitting..
> >
> >D:\win-ids\Snort\bin>
> >
> Well... try to follow the instructions given. What's the output
> configuration line? Have you tried replacing the '\' with '/' or
> vice-versa in the logs path?
> 
> >Still get tons of open port alerts and desperately
> >need your help.
> >
> If Snort isn't starting how can you be getting alerts? When you figure
> out what's wrong with the output dir send the Snort's output concerning
> the thresholding.
> 
> Good hunting :)
> 
> 



	
		
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: output.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20051020/148715f1/attachment.txt>

