[Snort-users] Snort too verbose
rchisholm at ...15434...
Mon Nov 14 12:12:32 EST 2011
done - thanks.
seems to be working.
Seems like I'm doubling up a bit with stuff in threshold.conf and
disablesid.conf since the latter does not seem 100% effective esp. for
3-digit gen_id rules.
On Mon, November 14, 2011 11:57 am, Joel Esler wrote:
> Place them in the threshold.conf that is referenced from your snort.conf
> On Nov 14, 2011, at 11:36 AM, Rick Chisholm wrote:
>> Historically, I used threshold.conf - but apparently that is well
>> deprecated now. It's the suppress event_filter I think I am interested
>> - but where do I use these rules?
>> On Mon, November 14, 2011 10:35 am, Joel Esler wrote:
>>> On Nov 14, 2011, at 9:05 AM, Rick Chisholm wrote:
>>>> Since upgrading to 2.9.1.x I find I'm getting much more verbose
>>>> than previously. Of particular note is http_inspect and ssl_ssp -
>>>> think are from certain preprocessors. What can I do to mute these?
>>> Look into README.filters in the doc/ directory of the tarball.
>>> Joel Esler
>>> Senior Research Engineer, VRT
>>> OpenSource Community Manager
>> Rick Chisholm
>> Systems Administrator
More information about the Snort-users