[Snort-users] Snort too verbose
rchisholm at ...15434...
Mon Nov 14 11:36:30 EST 2011
Historically, I used threshold.conf - but apparently that is well
deprecated now. It's the suppress event_filter I think I am interested it
- but where do I use these rules?
On Mon, November 14, 2011 10:35 am, Joel Esler wrote:
> On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:
>> Since upgrading to 2.9.1.x I find I'm getting much more verbose alerting
>> than previously. Of particular note is http_inspect and ssl_ssp - which
>> think are from certain preprocessors. What can I do to mute these?
> Look into README.filters in the doc/ directory of the tarball.
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
More information about the Snort-users