[Snort-users] Snort too verbose
jesler at ...1935...
Mon Nov 14 11:57:29 EST 2011
Place them in the threshold.conf that is referenced from your snort.conf
On Nov 14, 2011, at 11:36 AM, Rick Chisholm wrote:
> Historically, I used threshold.conf - but apparently that is well
> deprecated now. It's the suppress event_filter I think I am interested in
> - but where do I use these rules?
> On Mon, November 14, 2011 10:35 am, Joel Esler wrote:
>> On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:
>>> Since upgrading to 2.9.1.x I find I'm getting much more verbose alerting
>>> than previously. Of particular note is http_inspect and ssl_ssp - which
>>> I think are from certain preprocessors. What can I do to mute these?
>> Look into README.filters in the doc/ directory of the tarball.
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
> Rick Chisholm
> Systems Administrator
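
What the advice in this thread looks like on disk, as an added example that is not part of the original messages or of the Snort distribution. The file path, the sig_id values and the IP address are constructed placeholders; take the real gen_id:sig_id pairs from the bracketed [gen_id:sig_id:rev] field of your own alerts.

```conf
# --- snort.conf (excerpt) ---
# Load the filter file; adjust the path to your layout (assumed here).
include threshold.conf

# --- threshold.conf ---
# gen_id 119 is the http_inspect preprocessor, gen_id 137 the SSL preprocessor.
# The sig_id values below are placeholders, not a recommendation of what to mute.

# Drop one http_inspect event for every host.
suppress gen_id 119, sig_id 19

# Drop one SSL preprocessor event only when it comes from a known-noisy host
# (192.0.2.10 is a documentation address), so other sources still alert.
suppress gen_id 137, sig_id 1, track by_src, ip 192.0.2.10

# Rate-limit instead of dropping: at most one alert per source every 60 seconds.
event_filter gen_id 119, sig_id 15, type limit, track by_src, count 1, seconds 60
```

A suppress entry without an ip clause hides the event for all traffic, so the scoped suppress or the event_filter form keeps more visibility when only a few hosts cause the noise.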