[Snort-users] Using suppress and syntax

Bill Pickens wmpickens at ...11827...
Wed May 19 16:38:35 EDT 2010


Hello Everyone,

I want to suppress a rule for a number of servers.
Can I do that?
I tried this an it gives me a parsing error:
suppress gen_id 1, sig_id 469, track by_dst, ip
[10.106.88.29,10.102.128.1,10.103.128.2,172.17.17.150]


Also,
What would be the proper syntax for the the last line show here:
var ENT_DNS_SERVERS [10.101.1.1,10.103.1.2,10.105.3.4]
var LOCAL_DNS_SERVERS [172.6.5.4,172.8.7.3,172.6.6.6]
var DNS_SERVERS [$ENT_DNS_SERVERS,$LOCAL_DNS_SERVERS]  <--- is this correct?
snort doesn't complain

Thanks
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100519/28e4d575/attachment.html>


More information about the Snort-users mailing list