[Snort-users] Using suppress and syntax

Bill Pickens wmpickens at ...11827...
Wed May 19 21:35:56 EDT 2010


Thanks Shawn,
It is a version issue for the first question.

suppress gen_id 1, sig_id 2009955, track by_dst, ip [172.16.1.120,172.16.1.121]
I just tested it on:
              Version 2.8.4.1 (Build 38) --- It didn't work!
              Version 2.8.6 (Build 38) ---- It worked!



On Wed, May 19, 2010 at 5:49 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

>  Hi,
>
>
>
> I’m doing this and it works:
>
>
>
> suppress gen_id 1, sig_id 2009955, track by_dst, ip [172.16.1.120,172.16.1.121]
>
>
>
> with Snort v.2.8.5.3
>
>
>
> and I tested your suppress line and it worked for me as well (snort -T), no
> error message.
>
>
>  ------------------------------
>
> *From:* Bill Pickens [mailto:wmpickens at ...11827...]
> *Sent:* Wednesday, May 19, 2010 1:39 PM
> *To:* snort-users at lists.sourceforge.net
> *Subject:* [Snort-users] Using suppress and syntax
>
>
>
> Hello Everyone,
>
>
>
> I want to suppress a rule for a number of servers.
>
> Can I do that?
>
> I tried this and it gives me a parsing error:
>
> suppress gen_id 1, sig_id 469, track by_dst, ip [10.106.88.29,10.102.128.1,10.103.128.2,172.17.17.150]
>
>
> Also,
>
> What would be the proper syntax for the last line shown here:
>
> var ENT_DNS_SERVERS [10.101.1.1,10.103.1.2,10.105.3.4]
>
> var LOCAL_DNS_SERVERS [172.6.5.4,172.8.7.3,172.6.6.6]
>
> var DNS_SERVERS [$ENT_DNS_SERVERS,$LOCAL_DNS_SERVERS]  <--- is this correct? snort doesn't complain
>
>
>
> Thanks
>
> Bill
>
>
>
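For a sensor that has to stay on a build that rejects the bracketed list, the entry can be rewritten as one suppress line per address. The script below is an added example, not code from the thread or from Snort; it assumes the older parser accepts a single address or CIDR block after `ip`, and `expand_suppress` is a hypothetical helper name.

```python
import ipaddress
import re

# Suppress form used in the thread; the target after "ip" is either one
# address/CIDR block or a bracketed, comma-separated list.
SUPPRESS_RE = re.compile(
    r"^suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*,"
    r"\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\[[^\]]*\]|\S+)$"
)


def expand_suppress(entry):
    """Return one suppress line per address for a suppress entry."""
    # Collapse whitespace so a list wrapped onto the next line by a mail
    # client or editor is parsed as part of the same entry.
    entry = " ".join(entry.split())
    m = SUPPRESS_RE.match(entry)
    if not m:
        raise ValueError("not a suppress entry with track/ip: %r" % entry)
    gen_id, sig_id, track, target = m.groups()
    lines = []
    for addr in target.strip("[]").split(","):
        addr = addr.strip()
        # Raises ValueError on an empty item or a malformed address, so a
        # typo is caught here instead of by snort -T on the sensor.
        ipaddress.ip_network(addr, strict=False)
        lines.append(
            "suppress gen_id %s, sig_id %s, track %s, ip %s"
            % (gen_id, sig_id, track, addr)
        )
    return lines


if __name__ == "__main__":
    # The entry from the original question, wrapped as it was in the mail.
    wrapped = (
        "suppress gen_id 1, sig_id 469, track by_dst, ip\n"
        "[10.106.88.29,10.102.128.1,10.103.128.2,172.17.17.150]"
    )
    for line in expand_suppress(wrapped):
        print(line)
```

Run `snort -T` against the resulting configuration, as done in the thread, to confirm the installed version parses it.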