[Snort-users] Snort too verbose

Joel Esler jesler at ...1935...
Mon Nov 14 11:57:29 EST 2011


Place them in the threshold.conf that is referenced from your snort.conf

J

On Nov 14, 2011, at 11:36 AM, Rick Chisholm wrote:

> Historically, I used threshold.conf - but apparently that is well
> deprecated now.  It's the suppress event_filter I think I am interested it
> - but where do I use these rules?
> 
> 
> On Mon, November 14, 2011 10:35 am, Joel Esler wrote:
>> On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:
>> 
>>> Since upgrading to 2.9.1.x I find I'm getting much more verbose alerting
>>> than previously.  Of particular note is http_inspect and ssl_ssp - which
>>> I
>>> think are from certain preprocessors.  What can I do to mute these?
>> 
>> Event_filter.
>> 
>> Look into README.filters in the doc/ directory of the tarball.
>> 
>> --
>> Joel Esler
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
>> 
> 
> 
> -- 
> Rick Chisholm
> Systems Administrator
> Parallel42
> 





More information about the Snort-users mailing list