[Snort-users] Snort Configurations

Russ Combs rcombs at ...1935...
Fri Sep 24 09:15:47 EDT 2010


You don't happen to have config autogenerate_preprocessor_decoder_rules in
your conf do you?

On Thu, Sep 23, 2010 at 5:19 PM, Eoin Miller <
eoin.miller at ...14586...> wrote:

>  Add this to your threshold.conf file:
>
> ---snip---
> # Get rid of annoying http_inspect alerts
> suppress gen_id 119, sig_id 19
> suppress gen_id 119, sig_id 16
> suppress gen_id 119, sig_id 15
> suppress gen_id 119, sig_id 14
> suppress gen_id 119, sig_id 3
> suppress gen_id 119, sig_id 2
> suppress gen_id 119, sig_id 4
> suppress gen_id 119, sig_id 7
> ---snip---
>
> Those are the ones we get rid of because they alert constantly. If this
> isn't working, then the location of the threshold.conf file you are
> editing is incorrect and it is not being read when snort is started up.
>
> -- Eoin
>
>
> ------------------------------------------------------------------------------
>  Nokia and AT&T present the 2010 Calling All Innovators-North America
> contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in
> marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100924/464d2df4/attachment.html>


More information about the Snort-users mailing list