[Snort-users] Snort Configurations

Eoin Miller eoin.miller at ...14586...
Thu Sep 23 17:19:52 EDT 2010


  Add this to your threshold.conf file:

---snip---
# Get rid of annoying http_inspect alerts
suppress gen_id 119, sig_id 19
suppress gen_id 119, sig_id 16
suppress gen_id 119, sig_id 15
suppress gen_id 119, sig_id 14
suppress gen_id 119, sig_id 3
suppress gen_id 119, sig_id 2
suppress gen_id 119, sig_id 4
suppress gen_id 119, sig_id 7
---snip---

Those are the ones we get rid of because they alert constantly. If this 
isn't working, then the location of the threshold.conf file you are 
editing is incorrect and it is not being read when snort is started up.

-- Eoin




More information about the Snort-users mailing list