[Snort-users] Snort too verbose

Rick Chisholm rchisholm at ...15434...
Mon Nov 14 11:36:30 EST 2011


Historically, I used threshold.conf - but apparently that is well
deprecated now.  It's the suppress event_filter I think I am interested in
- but where do I use these rules?


On Mon, November 14, 2011 10:35 am, Joel Esler wrote:
> On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:
>
>> Since upgrading to 2.9.1.x I find I'm getting much more verbose alerting
>> than previously.  Of particular note is http_inspect and ssl_ssp - which I
>> think are from certain preprocessors.  What can I do to mute these?
>
> Event_filter.
>
> Look into README.filters in the doc/ directory of the tarball.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>


-- 
Rick Chisholm
Systems Administrator
Parallel42




