[Snort-users] Event Suppression between specific Source and Destination

Guido Hungerbuehler guh at ...15642...
Fri Dec 14 05:04:23 EST 2012


I am running snort with alert-before-log configuration (it is 
necessary). How can I suppress a signature between two specific hosts?

With the 'Event Suppression' configuration it is only possible to select 
either track by_src or track by_dst.

The next question is: Why is this even like this for 'Event Suppression'?

I already searched the mailing-list archive because I think this issue 
has to be discussed earlier but I didn't find any information.

Thanks for your help.


More information about the Snort-users mailing list