[Snort-users] suppressing alert...

waldo kitty wkitty42 at ...14940...
Thu Sep 23 14:51:19 EDT 2010


On 9/22/2010 22:38, Alex Tatistcheff wrote:
> Bug or no bug, I get the same result.

thank you for your report ;)

for completeness, mine is

    ,,_     -*> Snort! <*-
   o"  )~   Version 2.8.6.1 (Build 39)
    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
            Copyright (C) 1998-2010 Sourcefire, Inc., et al.
            Using PCRE version: 7.8 2008-09-05


> threshold.conf
> suppress gen_id 1, sig_id 1, track by_src, ip 10.1.1.1
> suppress gen_id 1, sig_id 1, track by_src, ip 10.1.1.2
>
>
> snort output:
> Sep 22 22:30:57 Snortbox snort[4750]:
> +-----------------------[suppression]------------------------------------------
> Sep 22 22:30:57 Snortbox snort[4750]: | gen-id=1      sig-id=1
> tracking=src-ip=<list>
> Sep 22 22:30:57 Snortbox snort[4750]: | gen-id=1      sig-id=1
> tracking=src-ip=<list>
> Sep 22 22:30:57 Snortbox snort[4750]:
> -------------------------------------------------------------------------------
>
> [root at ...14988... snort]# snort -V
>
>     ,,_     -*> Snort! <*-
>    o"  )~   Version 2.8.6 (Build 38) inline
> ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>             Copyright (C) 1998-2010 Sourcefire, Inc., et al.
>             Using PCRE version: 7.9 2009-04-11
>             Using ZLIB version: 1.2.3






More information about the Snort-users mailing list